Lindorm provides the SQL audit log feature. You can view audit logs to check SQL execution records within a specific period of time and filter the records based on specific conditions.
Prerequisites
For more information about how to enable the SQL audit log feature, see Enable the SQL log audit feature.
The LindormTable version is 2.7.6 or later. For information about how to view or update the minor version of LindormTable, see Release notes for LindormTable and Upgrade the minor engine version of a Lindorm instance.
Audit log types
Lindorm audit logs support recording the following SQL operations:
DDL operations, such as CREATE DATABASE, CREATE TABLE, ALTER TABLE, and DROP TABLE
DML operations, such as INSERT, UPSERT, DELETE, and UPDATE
DQL operations, such as SELECT
DML and DQL operations are typically frequent. Recording these types of audit logs can affect instance performance and stability. For this reason, LindormTable records only SQL audit logs for DDL operations by default. To enable audit logs for DML and DQL operations, you can adjust the audit log level using the AUDIT_LEVEL system variable. For more information, see Modify the audit log level.
Log retention period
The default retention period for Lindorm audit logs is 30 days. You can modify the audit log retention period in the console. Logs are deleted after the retention period ends.
Modify the audit log retention period
Log on to the Lindorm console.
In the upper-left corner of the page, select the region where the instance is deployed.
On the Instances page, click the ID of the target instance or click View Instance Details in the Actions column for the instance.
In the navigation pane on the left, choose . In the upper-right corner, click Modify retention period and change the retention period in the dialog box.
Click Confirm Modifications.
View audit logs
Log on to the Lindorm console.
In the upper-left corner of the page, select the region where the instance is deployed.
On the Instances page, click the ID of the target instance or click View Instance Details in the Actions column for the instance.
In the navigation pane on the left, choose to view the details of the SQL audit logs.
NoteBy default, the log details in the last 15 minutes are displayed. You can also change the time period as needed.
Optional. On the Raw Logs tab, click an index field to filter logs based on the field.
Fields in audit logs
Field | Description |
instance_id | The ID of the Lindorm instance. |
reqId | The unique ID that identifies the operation audit log. |
user | The username corresponding to the operation audit log. |
fail | Indicates whether the SQL statement was executed successfully. A value of |
reason | The error message in the operation audit log. This message is returned only when an error occurs in the operation. |
connectionId | The connection ID of the client. |
protocol | The client protocol type. Valid values: Avatica and MySQL. |
db | The name of the selected database. |
sql | The SQL statement that was executed. |
sqlType | The SQL type. Examples: |
params | The parameters that are specified in the SQL statement. Separate multiple parameters with commas (,). This field is available in query scenarios where parameters are bound. |
sqlTime | The time when the SQL statement was executed. |
responseTime | The response time. Unit: milliseconds. |
checkRows | The number of rows scanned, which indicates the number of rows returned from the data storage engine during the query. |
affectRows | The number of rows that are returned after an SQL statement is executed. For statements that involve the add, delete, or modify operations, the affectRows field indicates the number of affected rows. For query statements, the affectRows field indicates the number of returned rows. |
dbVersion | The SQL version on the server that is connected. |
hostname | The host name on the server node. |
clientIp | The IP address of the client. |
clientPort | The port number of the client. |
Change the type of audit logs
You can modify the value of the AUDIT_LEVEL parameter using the ALTER SYSTEM statement to adjust the output level of audit logs.
Valid values:
0: Outputs DDL logs.
1: Outputs DDL and DML logs.
2: Outputs DDL and DQL logs.
3: Outputs DDL, DML, and DQL logs.
Example
Modify the audit log level to output DDL and DQL logs.
ALTER SYSTEM SET AUDIT_LEVEL = 2;Verify the result
You can execute the SHOW SYSTEM VARIABLES LIKE 'AUDIT_LEVEL'; statement to check whether the modification is successful.
For more information about system variables, see ALTER SYSTEM.