All Products
Search
Document Center

Log Service:Usage notes

Last Updated:Aug 25, 2023

Simple Log Service provides CloudLens for RDS. You can use CloudLens for RDS to check the collection status of SQL audit logs, error logs, and slow logs for ApsaraDB RDS instances in real time and manage collection configurations in a centralized manner. You can also audit and analyze collected logs and configure alerts for the logs.

Features

CloudLens for RDS provides the following features:

  • Collection management

    Important

    Allows you to collect error logs and slow logs only from ApsaraDB RDS for MySQL and ApsaraDB RDS for PostgrepSQL instances.

    • Allows you to manage the collection status of SQL audit logs, slow logs, and error logs for ApsaraDB RDS instances in a centralized manner.

    • Automatically collects SQL audit logs, slow logs, and error logs from existing ApsaraDB RDS instances and new instances.

    • Allows you to manage projects and Logstores in a centralized manner.

  • Log audit

    • Allows you to store, query, and analyze SQL audit logs of ApsaraDB RDS instances in real time.

    • Provides various reports. You can subscribe to these reports and configure settings to receive the reports by using emails or DingTalk group messages.

    • Provides various built-in alert monitoring rules, supports flexible configurations for alert policies, and sends alert messages in a timely and accurate manner.

Supported log types

You can use CloudLens for RDS to collect SQL audit logs, error logs, and slow logs of ApsaraDB RDS instances. The SQL audit logs of an ApsaraDB RDS database record all operations that are performed on the database. The logs are obtained by the system based on network protocol analysis, which consumes only a small amount of CPU resources and does not affect the execution of SQL statements. The SQL audit logs record the following operations and related information:

  • Database logons and logoffs.

  • DDL operations: SQL statements that define a database structure. Examples: CREATE, ALTER DROP, TRUNCATE, and COMMENT.

  • DML operations: SQL statements that perform specific operations. Examples: SELECT, INSERT, UPDATE, and DELETE.

  • Other operations that are performed by executing SQL statements. Examples: rollback and control.

  • The execution latency, execution results, and number of affected rows of SQL statements.

Assets

  • Custom projects and Logstores

    Important

    Do not delete the projects or Logstores that are used for the logs delivered from ApsaraDB RDS. Otherwise, subsequent logs cannot be delivered to Simple Log Service.

  • Dedicated dashboards

    By default, Simple Log Service generates three dashboards for the application.

    Note

    We recommend that you do not make changes to the dedicated dashboards because the dashboards may be upgraded or updated at any time. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.

    Dashboard

    Description

    RDS Operation Center

    Displays statistics about access to databases and active databases. The statistics include the number of databases on which the operations are performed, number of tables on which the operations are performed, and number of execution errors. The statistics also include the total number of inserted rows, total number of updated rows, total number of deleted rows, and total number of obtained rows.

    RDS Performance Center

    Displays the metrics that are related to O&M reliability. The metrics include the peak bandwidth for all SQL statements that are executed, peak bandwidth for SQL statements that query data, peak bandwidth for SQL statements that update data, and peak bandwidth for SQL statements that delete data. The metrics also include the average execution time of all SQL statements, average execution time of SQL statements that query data, average execution time of SQL statements that update data, and average execution time of SQL statements that delete data.

    RDS Security Center

    Displays the metrics that are related to database security. The metrics include the number of errors, number of logon failures, number of bulk deletion events, number of bulk modification events, and number of times that risky SQL statements are executed. The metrics also include the distribution of error operations by type, distribution of clients that have errors on the Internet, and clients that have the largest number of errors.

Billing

  • If you want to enable collection for SQL audit logs when you use CloudLens for RDS, you must enable the SQL Explorer feature, which is available in ApsaraDB RDS for MySQL. The fees of the SQL Explorer feature are included in your ApsaraDB RDS bills. For more information, see Billable items, billing methods, and pricing.

    Note

    If your ApsaraDB RDS for MySQL instance runs RDS Enterprise Edition, you are not charged for the SQL Explorer feature.

  • After you collect the logs of ApsaraDB RDS instances to Simple Log Service, you are charged for data storage, read traffic, requests, data transformation, and data shipping. For more information, see Pay-by-feature.

Limits

  • Only some types of ApsaraDB RDS instances support the SQL audit feature. For more information, see Features of ApsaraDB RDS for MySQL.

  • The log collection feature of CloudLens for RDS depends on the SQL Explorer feature of ApsaraDB RDS for MySQL.

    After you enable the log collection feature for ApsaraDB RDS for MySQL instances in CloudLens for RDS, the system automatically enables the SQL Explorer feature of the ApsaraDB RDS for MySQL instances.

  • The Simple Log Service project that is used to store SQL audit logs collected from an ApsaraDB RDS instance must reside in the same region as the instance.

  • All regions are supported, except Local Regions.

Log collection methods

Simple Log Service can collect SQL audit logs from ApsaraDB RDS instances by using one of the following methods:

Note

If SQL audit logs are collected by using Method 1 or Method 3, you can apply the collection configurations that you create for one method to the other method. If SQL audit logs are collected by using Method 2, you cannot use the collection configurations that you create for Method 1 or Method 3. You must separately create collection configurations.

  • Method 1: CloudLens for RDS

    • To collect SQL audit logs by using Method 1, log on to the Simple Log Service console. In the Log Application section, click CloudLens for RDS.

    • If you want to collect SQL audit logs from ApsaraDB RDS instances that belong to the same Alibaba Cloud account, we recommend that you use this method.

  • Method 2: Log Audit Service

    • To collect SQL audit logs by using Method 2, log on to the Simple Log Service console. In the Log Application section, click Log Audit Service.

    • If you want to collect SQL audit logs from ApsaraDB RDS instances across Alibaba Cloud accounts or regions, we recommend that you use this method.

  • Method 3: Import Data - RDS SQL Audit

    • To collect SQL audit logs by using Method 3, log on to the Simple Log Service console. In the Import Data section, click RDS SQL Audit - Cloud Products.

    • This method is an alternative to Method 1.

Attribute

CloudLens for RDS

Log Audit Service

Import Data - RDS SQL Audit

Specify an ApsaraDB RDS instance to collect logs

Supported

Supported

Supported

Specify a Logstore to store logs

Supported

Not supported

Supported

Collect SQL audit logs from ApsaraDB RDS instances across regions

Not supported

Supported

Not supported

Collect SQL audit logs from ApsaraDB RDS instances across Alibaba Cloud accounts

Not supported

Supported

Not supported

Automatic collection

Supported

Supported

Not supported

Manual collection

Supported

Not supported

Supported

View collection status in dashboards

Supported

Not supported

Not supported

Precautions

If you enable a CloudLens application, Log Service automatically checks whether a project whose name is in the aliyun-product-data-<Alibaba Cloud account ID>-cn-heyuan format exists within your Alibaba Cloud account. If the project does not exist, Log Service automatically creates the project.

If you want to delete the project, open the Cloud Shell and run the aliyunlog log delete_project --project_name=aliyun-product-data-<Alibaba Cloud account ID>-cn-heyuan --region-endpoint=cn-heyuan.log.aliyuncs.com command. Replace Alibaba Cloud account ID based on your business scenario.
Warning If you delete the project, all CloudLens applications become unavailable. Proceed with caution.