All Products
Search
Document Center

ApsaraDB RDS:Use the SQL Explorer and Audit feature

Last Updated:May 08, 2024

If you want to monitor and manage SQL statements that are executed on an ApsaraDB RDS for PostgreSQL instance in scenarios such as security compliance audit, performance analysis, and troubleshooting, you can use the SQL Explorer and Audit feature. The feature enables you to record and perform aggregate analysis on the execution of SQL statements. After this feature is enabled, SQL statements from database kernels, the accounts that are used to execute the SQL statements, IP addresses, and execution details are automatically recorded. Instance performance is not affected.

Prerequisites

Billing rules

For more information, see Billing.

Note

After the SQL Explorer and Audit feature is enabled, ApsaraDB RDS stops billing for the SQL Audit feature. The SQL Explorer and Audit feature is billed based on the pricing of DAS Enterprise Edition. For more information, see Use the SQL Audit feature.

Feature description

  • Search: queries and exports information about the SQL statements that are executed. The information includes the database, status, and execution time.

  • SQL Explorer: diagnoses the SQL statements, troubleshoots performance issues, and analyzes business traffic.

Usage notes

If PgBouncer is enabled for your RDS instance, SQL statements that are executed by using PgBouncer are not recorded by the SQL Explorer and Audit feature.

Enable the SQL Explorer and Audit feature

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, choose Autonomy Service > SQL Explorer and Audit.

  3. If the SQL Explorer and Audit feature is not enabled, click Enable on the page that appears. In the dialog box that appears, enable DAS Enterprise Edition.

    Note

    If the Search and SQL Explorer tabs are displayed on the page that appears, the SQL Explorer and Audit feature is enabled.

Query information on the Search tab

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, choose Autonomy Service > SQL Explorer and Audit.

  3. On the page that appears, click the Search tab. Then, specify the search conditions to query the relevant information. For more information about the search feature, see Search.

    To export logs, click Export and configure the Exported Fields parameter in the Export SQL Records dialog box. You can configure the Export Time Range parameter to export logs that are generated both within and beyond a time range of 24 hours.

Query information on the SQL Explorer tab

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, choose Autonomy Service > SQL Explorer and Audit.

  3. On the page that appears, click the SQL Explorer tab to view the relevant information. For more information about the SQL Explorer feature, see Use the SQL Explorer feature.

Disable the SQL Explorer and Audit feature

Warning

After you disable the SQL Explorer and Audit feature, all logs that are generated by the feature are deleted. We recommend that you export and save the logs that are generated by the SQL Explorer and Audit feature to your computer and then disable the SQL Explorer and Audit feature. If you enable the SQL Explorer and Audit feature again, logs that are generated by the feature are recorded from the point in time at which the SQL Explorer and Audit feature is enabled again.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
  2. In the left-side navigation pane, choose Autonomy Service > SQL Explorer and Audit.

  3. In the Logs section of the Search tab, click Export.

  4. In the dialog box that appears, configure the Exported Fields and Export Time Range parameters, and click OK.

  5. After the logs are exported, download the log file and save it to your computer.

  6. In the Service Settings dialog box, turn off SQL insight and audit, select I am aware that all relevant data will be deleted after SQL Explorer is disabled and then click OK.

    Note

    If you enable the audit log collection feature for your RDS instance in the CloudLens for RDS application of Simple Log Service, the SQL Explorer and Audit feature is automatically enabled for the RDS instance. Therefore, you must also disable the audit log collection feature for the RDS instance. For more information, see CloudLens for RDS.

FAQ

Why am I unable to query the SQL statements that fail to be executed in an RDS instance?

The SQL statements that fail to be executed in the RDS instance are recorded in the error log instead of the audit logs of the instance. For more information about how to query the error log of the RDS instance, see View the logs of an ApsaraDB RDS for PostgreSQL instance.

Why are the database names displayed in log files inconsistent with those used in SQL statements?

The database names displayed in log files are obtained from sessions, while the database names used in SQL statements depend on your inputs or the design of queries, such as cross-database queries and dynamic SQL. Therefore, the database names displayed in log files are inconsistent with those used in SQL statements.