ApsaraDB for Redis:Query audit logs

Background information

When you want to view database access records, investigate the cause of a sudden increase in resource consumption by a Redis instance, or trace records of data being modified or deleted, the audit logs from ApsaraDB for Redis can provide you with detailed clues.

View audit logs

1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance is deployed. Then, find the instance and click its ID.

2. In the left-side navigation pane, choose Logs > Audit Log.

3. The Audit Log page displays audit log information for the Redis instance.

Filter the audit logs of an instance

ApsaraDB for Redis allows you to view the audit logs that meet specified filter conditions.

1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.

2. In the left-side navigation pane, choose Logs > Audit Log.

3. On the Audit Log page, specify conditions to filter audit logs.

   Table 1. Filter conditions

   Filter condition	Description
   Keyword	The keyword that is included in the audit logs you want to view. A keyword can be a client IP address, a command, a username, or other extended information. Note The Keyword field supports exact match. You must enter complete information in the Keyword field. Examples: If you want to specify an IPv4 address as a keyword, you must enter a complete IP address such as 192.168.1.1, not a partial IP address such as 192.168 or 1.1. If you want to specify a command as a keyword, you must enter a complete command such as AUTH or auth, not a partial command such as au. If a keyword contains a colon (:), you must enclose the keyword in a pair of double quotation marks (""). Example: "userId:1".
   Type	The type of audit logs. Valid values: redis_audit_log: the audit logs of data shards. redis_proxy_audit_log: the audit logs of proxy nodes. Note This parameter is available only if the instance uses the read/write splitting architecture or the cluster architecture in proxy mode. By default, the Tair console displays the IP addresses of proxy nodes for cluster and read/write splitting instances. To obtain the IP address of your cluster or read/write splitting instance, set ptod_enabled to 1. For more information, see Configure instance parameters.
   Account	The account used to connect to the Redis instance. This field is empty by default. For more information about accounts, see Create and manage database accounts.
   Client ip	The client IP address used to connect to the Redis instance.
   DB	The database whose audit logs you want to query.

View the audit logs of an instance over a specified time range

You can use the time picker to specify a time range to query.

1. Log on to the ApsaraDB for Redis console and go to the Instances page. In the top navigation bar, select the region in which the instance that you want to manage resides. Then, find the instance and click the instance ID.

2. In the left-side navigation pane, choose Logs > Audit Log.

3. On the Audit Log page, click Time Range.

4. Specify a time range to query audit logs.

Related API operations

FAQ

• Can I view more than 2,000 audit log entries?

  The Audit Log page in the ApsaraDB for Redis console displays a maximum of 2,000 audit log entries. To view more audit log entries, log on to the Simple Log Service console. For more information, see Query and analyze logs.