SQL Explorer and Audit records all SQL statements executed in the database kernel, including the execution account, IP address, execution details, and execution status. Enable this feature to support security compliance audits, performance troubleshooting, and historical SQL analysis with minimal impact on instance performance.
With SQL Explorer and Audit, you can:
Search and export historical SQL execution records by database, execution status, execution time, and other criteria through Audit.
Diagnose and analyze SQL health, performance bottlenecks, and business traffic patterns through SQL Explorer.
Prerequisites
Before you begin, ensure that you have:
An RDS instance that uses subscription or pay-as-you-go billing (serverless instances are not supported). For more information, see Serverless instances
Database Autonomy Service (DAS) Enterprise Edition enabled on your Alibaba Cloud account
(RAM users only) The
AliyunRDSReadOnlyWithSQLLogArchiveAccesspermission granted to the RAM user to use the Audit feature. For instructions, see Grant permissions to RAM users
SQL Explorer and Audit depends on DAS Enterprise Edition. The supported regions vary by edition. RAM users can also access the search and export features through custom access policies.
Billing
After you enable SQL Explorer and Audit, the legacy SQL Audit (Database Audit) feature stops incurring charges. SQL Explorer and Audit is billed according to DAS Enterprise Edition billing rates.
Enable SQL Explorer and Audit
Go to the Instances page. In the top navigation bar, select the region of the RDS instance, then click the instance ID.
In the left-side navigation pane, choose Autonomy Services > SQL Explorer and Audit.
Click Enable Audit Logs, then configure and activate features in the pop-up window.
The console enables the highest DAS Enterprise Edition supported in the current region. Only the highest edition available in the region can be enabled. As DAS Enterprise Edition is updated, billing becomes more flexible and costs decrease.
Verify
After enabling, the SQL Explorer and Audit page displays the Audit and SQL Explorer tabs. If both tabs are visible, the feature is active and ready to use.
Use SQL Explorer and Audit
Go to the Instances page. In the top navigation bar, select the region of the RDS instance, then click the instance ID.
In the left-side navigation pane, choose Autonomy Services > SQL Explorer and Audit.
Use the available tabs:
Audit -- Query and export historical SQL execution records. See Audit for detailed instructions.
SQL Explorer -- Analyze SQL health, troubleshoot performance issues, and review business traffic. See SQL Explorer for detailed instructions.
SQL Explorer and Audit data is stored by DAS and does not consume the storage space of the database instance.
Modify the storage duration
Reducing the storage duration causes DAS to immediately delete SQL audit logs that exceed the new duration. Export and save your logs before making this change.
Go to the Instances page. In the top navigation bar, select the region of the RDS instance, then click the instance ID.
In the left-side navigation pane, choose Autonomy Services > SQL Explorer and Audit.
Click Service Settings.
Modify the storage duration and submit your changes.
If you have enabled DAS Enterprise V3, you can set different storage durations for individual subfeatures. The storage space for SQL Explorer and Audit data is provided by DAS and does not consume the storage space of the database instance.
Disable SQL Explorer and Audit
Disabling SQL Explorer and Audit permanently deletes all collected logs. Export and save your logs before disabling. If you re-enable the feature later, logging resumes from that point forward -- previously deleted logs cannot be recovered.
Step 1: Export logs
Go to the Instances page. In the top navigation bar, select the region of the RDS instance, then click the instance ID.
In the left-side navigation pane, choose Autonomy Services > SQL Explorer and Audit.
On the Audit tab, in the Logs area, click Export.
In the dialog box, specify the Export Field and Export Time Range, then click Next.
Download the exported log file:
DAS Enterprise V1/V2: On the Audit tab, click View Exported Logs and download the file.
DAS Enterprise V3: Click the Tasks button and download the file from the task list.
Step 2: Disable the feature
Click Service Settings to disable SQL Explorer and Audit.
If you are using DAS Enterprise V3, uncheck all SQL Explorer and Audit features and click Submit.
The storage space occupied by SQL Explorer and Audit data is released approximately one hour after the feature is disabled.
FAQ
How do I view historical SQL execution records?
If SQL Explorer and Audit is enabled, open the Audit tab to query and export execution records directly. See Audit for instructions.
If the feature was not enabled when the SQL statements ran, those records are not available. As a workaround, restore data to a specific point in time and compare changes across snapshots. To capture SQL activity going forward, enable SQL Explorer and Audit as early as possible.