For scenarios such as compliance audits, performance analysis, and troubleshooting, you can enable the SQL Explorer and Audit feature. After you enable this feature, the system automatically records SQL changes executed by the database kernel and related information, such as the execution account, IP address, and execution details. This feature has a negligible impact on instance performance and provides reliable data for querying historical SQL change records and performing analysis and audits.
Overview
Audit: Query and export execution records of historical SQL statements. These records include information such as the database, execution status, and running time.
SQL Explorer: Provides SQL health diagnostics, performance issue troubleshooting, and service traffic analysis.
Prerequisites
The RDS instance must use the subscription or pay-as-you-go billing method. Serverless ApsaraDB RDS for SQL Server instances are not supported.
To allow a Resource Access Management (RAM) user to use the Audit feature, you must grant the AliyunRDSReadOnlyWithSQLLogArchiveAccess permission to the user.
NoteYou can also use custom policies to grant a RAM user the permissions required to use the audit feature, including the export function.
Billing
After you enable SQL Explorer and Audit, billing for the original SQL Audit (Database Audit) feature stops. SQL Explorer and Audit is billed as part of DAS Enterprise Edition. For more information, see Billing.
Enable SQL Explorer and Audit
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit.
Click Enable Audit Logs, select the features that you want to enable, and then click Submit.
After the feature is enabled, click OK in the dialog box.
Use SQL Explorer and Audit
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit. Use the Audit and SQL Explorer features as needed.
Modify the data storage duration for SQL Explorer and Audit
If you reduce the data storage duration, DAS immediately deletes the SQL audit logs that exceed the new storage duration. Export and save the SQL audit logs to your computer before you reduce the storage duration.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the navigation pane on the left, choose .
Click Service Settings.
On the Full Logs page, change the storage duration and click Submit.
NoteThe storage space for SQL Explorer and Audit data is provided by DAS and does not occupy the storage space of your database instance.
Disable SQL Explorer and Audit
After you disable the SQL Explorer and Audit feature, its logs are deleted. Export and save the logs to your computer before you disable the feature. If you re-enable the feature, logs are recorded from the time of re-enabling.
Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.
In the navigation pane on the left, choose .
In the Logs area, click Export.
You can select the fields and a time range for the export. If you use SQL Explorer and Audit with a hybrid of hot and cold storage, you must select a CSV Separator when you export data.
Configure the export task. After the export is complete, click Task list to download and save the exported file.
Click Service Settings to disable SQL Explorer and Audit.Clear all the SQL Explorer and Audit feature checkboxes and click Submit.
ImportantThe system releases the storage space occupied by the SQL Explorer and Audit data about one hour after you disable the feature.
FAQ
Q: How can I view the logs of executed SQL statements in my SQL Server database? I want to see the historical execution records.
A: If the SQL Explorer and Audit feature is enabled for your RDS instance, you can use the Audit feature to directly view and export SQL execution records. If this feature is not enabled, you cannot directly retrieve historical SQL records. However, you can restore data to a specific point in time to compare SQL changes at different points in time and analyze the modifications.
NoteWe recommend that you enable the SQL Explorer and Audit feature as soon as possible to support future SQL analysis and audits. This ensures continuous recording of SQL execution details and provides a reliable basis for future analysis.