For scenarios such as security compliance audits, performance analysis, and troubleshooting, enabling the SQL Explorer and Audit feature is recommended. Once enabled, the system automatically records SQL changes executed in the database kernel and related information, including execution account, IP address, execution details, and more. This feature has minimal impact on instance performance and provides reliable data support for subsequent historical SQL change record queries, analysis, and audits.
Feature overview
-
Search (Audit): Query and export execution records of historical SQL statements, including the associated database, execution status, execution time, and other related information.
-
SQL Explorer: Provides SQL health diagnostics, performance issue troubleshooting, and business traffic analysis.
Prerequisites
The billing method for the RDS instance must be either subscription or pay-as-you-go; Serverless instances are not supported (see Serverless instances for more information).
Your Alibaba Cloud account must have DAS Enterprise Edition enabled.
NoteThe SQL Explorer and Audit feature depends on the Enterprise Edition. The regions supported by different DAS Enterprise Editions may vary.
If the SQL Explorer and Audit page shows the Search and SQL Explorer tabs, this indicates that the SQL Explorer and Audit feature is enabled, and you can begin using Audit and SQL Explorer.
If you are a RAM user and want to use the Search feature, you must grant the AliyunRDSReadOnlyWithSQLLogArchiveAccess permission to the RAM user.
NoteYou can also grant permissions to RAM users for using the search and export features through custom access policies.
Cost description
Upon activation of SQL Explorer and Audit, the existing SQL Audit (DataBase Audit) will cease to incur charges. Instead, SQL Explorer and Audit will be billed in accordance with the DAS Enterprise Edition billing rates.
Enable SQL Explorer and audit
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
-
In the left navigation bar, select Autonomy Services > SQL Explorer and Audit.
-
On the right page, if the interface prompts that the feature is not enabled, click Enable, and in the pop-up window, click to enable the Enterprise Edition.
NoteYou can only enable the highest DAS Enterprise Edition supported in the current region. As the DAS Enterprise Edition is updated, its billing methods become more flexible, and the usage cost is correspondingly reduced.
Use SQL Explorer and audit
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
-
In the left navigation bar, select Autonomy Services > SQL Explorer and Audit, and utilize the Audit and SQL Explorer features as necessary.
Modify the storage duration of data generated by SQL Explorer and audit
After you reduce the storage duration of data from SQL Explorer and Audit, DAS will immediately clear the SQL audit logs that exceed the new storage duration. It is recommended to export and save your SQL audit logs before reducing the storage duration.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the left navigation bar, select .
Click Service Settings.
On the Service Settings page, modify the storage duration and submit your changes.
If you have enabled DAS Enterprise V3, you can set different storage durations for data generated by various subfeatures.
NoteThe storage space for data from SQL Explorer and Audit is provided by DAS. It does not use the storage space of the database instance.
Disable SQL Explorer and audit
After disabling the SQL Explorer and Audit feature, logs generated by SQL Explorer and Audit will be cleared. It is recommended to export and save the logs generated by the SQL Explorer and Audit feature to your computer before disabling it. If you re-enable the SQL Explorer and Audit feature, logging will resume from the time the feature is re-enabled.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
-
In the left navigation bar, select .
-
In the Search tab's Logs area, click Export.
-
In the dialog box that appears, specify the Exported Fields and Export Time Range parameters and click OK.
-
After exporting the logs, download the log file and save it to your computer.
The methods for downloading SQL audit logs vary depending on the version of DAS Enterprise Edition. Download the SQL audit logs according to your specific version.
-
In the Search tab's View Exported Logs, download the exported file.
-
In the Task list tab, download the exported file.
-
-
Click Service Settings to disable SQL Explorer and Audit.
If you are using DAS Enterprise V3, uncheck all SQL Explorer and Audit features and click Submit.
NoteThe storage space occupied by the data from the SQL Explorer and Audit feature is released one hour after the feature is disabled.
FAQ
-
Q: How can I view the logs of SQL execution in the SQL Server database? I want to view historical SQL execution records.
-
A: If your RDS instance has the SQL Explorer and Audit feature enabled, you can view and export SQL execution records directly through the Audit feature. If the feature is not enabled on your RDS instance, you cannot retrieve historical SQL records directly. However, you can analyze changes by restoring data to a specified point in time and comparing SQL changes at different points.
NoteTo better support subsequent SQL analysis and audit work, enabling the SQL Explorer and Audit feature as soon as possible is recommended to continuously record SQL execution details and provide reliable evidence for future analysis.