Simple Log Service provides CloudLens for RDS. You can use CloudLens for RDS to check the collection status of SQL audit logs, error logs, and slow logs for ApsaraDB RDS instances in real time and manage collection configurations in a centralized manner. You can also audit and analyze collected logs and configure alerts for the logs.
Features
CloudLens for RDS provides the following features:
Collection management
ImportantAllows you to collect error logs and slow logs only from ApsaraDB RDS for MySQL and ApsaraDB RDS for PostgrepSQL instances.
Allows you to manage the collection status of SQL audit logs, slow logs, and error logs for ApsaraDB RDS instances in a centralized manner.
Automatically collects SQL audit logs, slow logs, and error logs from existing ApsaraDB RDS instances and new instances.
Allows you to manage projects and Logstores in a centralized manner.
Log audit
Allows you to store, query, and analyze SQL audit logs of ApsaraDB RDS instances in real time.
Provides various reports. You can subscribe to these reports and configure settings to receive the reports by using emails or DingTalk group messages.
Provides various built-in alert monitoring rules, supports flexible configurations for alert policies, and sends alert messages in a timely and accurate manner.
Supported log types
You can use CloudLens for RDS to collect SQL audit logs, error logs, and slow logs of ApsaraDB RDS instances. The SQL audit logs of an ApsaraDB RDS database record all operations that are performed on the database. The logs are obtained by the system based on network protocol analysis, which consumes only a small amount of CPU resources and does not affect the execution of SQL statements. The SQL audit logs record the following operations and related information:
Database logons and logoffs.
DDL operations: SQL statements that define a database structure. Examples: CREATE, ALTER DROP, TRUNCATE, and COMMENT.
DML operations: SQL statements that perform specific operations. Examples: SELECT, INSERT, UPDATE, and DELETE.
Other operations that are performed by executing SQL statements. Examples: rollback and control.
The execution latency, execution results, and number of affected rows of SQL statements.
Assets
Custom projects and Logstores
ImportantDo not delete the projects or Logstores that are used for the logs delivered from ApsaraDB RDS. Otherwise, subsequent logs cannot be delivered to Simple Log Service.
Dedicated dashboards
By default, Simple Log Service generates three dashboards for the application.
NoteWe recommend that you do not make changes to the dedicated dashboards because the dashboards may be upgraded or updated at any time. You can create a custom dashboard to visualize query results. For more information, see Create a dashboard.
Dashboard
Description
RDS Operation Center
Displays statistics about access to databases and active databases. The statistics include the number of databases on which the operations are performed, number of tables on which the operations are performed, and number of execution errors. The statistics also include the total number of inserted rows, total number of updated rows, total number of deleted rows, and total number of obtained rows.
RDS Performance Center
Displays the metrics that are related to O&M reliability. The metrics include the peak bandwidth for all SQL statements that are executed, peak bandwidth for SQL statements that query data, peak bandwidth for SQL statements that update data, and peak bandwidth for SQL statements that delete data. The metrics also include the average execution time of all SQL statements, average execution time of SQL statements that query data, average execution time of SQL statements that update data, and average execution time of SQL statements that delete data.
RDS Security Center
Displays the metrics that are related to database security. The metrics include the number of errors, number of logon failures, number of bulk deletion events, number of bulk modification events, and number of times that risky SQL statements are executed. The metrics also include the distribution of error operations by type, distribution of clients that have errors on the Internet, and clients that have the largest number of errors.
Billing
If you want to enable collection for SQL audit logs when you use CloudLens for RDS, you must enable the SQL Explorer feature, which is available in ApsaraDB RDS for MySQL. The fees of the SQL Explorer feature are included in your ApsaraDB RDS bills. For more information, see Billable items, billing methods, and pricing.
NoteIf your ApsaraDB RDS for MySQL instance runs RDS Enterprise Edition, you are not charged for the SQL Explorer feature.
After you collect the logs of ApsaraDB RDS instances to Simple Log Service, you are charged for data storage, read traffic, requests, data transformation, and data shipping. For more information, see Pay-by-feature.
Limits
Only some types of ApsaraDB RDS instances support the SQL audit feature. For more information, see Features of ApsaraDB RDS for MySQL.
The log collection feature of CloudLens for RDS depends on the SQL Explorer feature of ApsaraDB RDS for MySQL.
After you enable the log collection feature for ApsaraDB RDS for MySQL instances in CloudLens for RDS, the system automatically enables the SQL Explorer feature of the ApsaraDB RDS for MySQL instances.
The Simple Log Service project that is used to store SQL audit logs collected from an ApsaraDB RDS instance must reside in the same region as the instance.
All regions are supported, except Local Regions.
Log collection methods
Simple Log Service can collect SQL audit logs from ApsaraDB RDS instances by using one of the following methods:
If SQL audit logs are collected by using Method 1 or Method 3, you can apply the collection configurations that you create for one method to the other method. If SQL audit logs are collected by using Method 2, you cannot use the collection configurations that you create for Method 1 or Method 3. You must separately create collection configurations.
Method 1: CloudLens for RDS
To collect SQL audit logs by using Method 1, log on to the Simple Log Service console. In the Log Application section, click CloudLens for RDS.
If you want to collect SQL audit logs from ApsaraDB RDS instances that belong to the same Alibaba Cloud account, we recommend that you use this method.
Method 2: Log Audit Service
To collect SQL audit logs by using Method 2, log on to the Simple Log Service console. In the Log Application section, click Log Audit Service.
If you want to collect SQL audit logs from ApsaraDB RDS instances across Alibaba Cloud accounts or regions, we recommend that you use this method.
Method 3: Import Data - RDS SQL Audit
To collect SQL audit logs by using Method 3, log on to the Simple Log Service console. In the Import Data section, click RDS SQL Audit - Cloud Products.
This method is an alternative to Method 1.
Attribute | CloudLens for RDS | Log Audit Service | Import Data - RDS SQL Audit |
Specify an ApsaraDB RDS instance to collect logs | Supported | Supported | Supported |
Specify a Logstore to store logs | Supported | Not supported | Supported |
Collect SQL audit logs from ApsaraDB RDS instances across regions | Not supported | Supported | Not supported |
Collect SQL audit logs from ApsaraDB RDS instances across Alibaba Cloud accounts | Not supported | Supported | Not supported |
Automatic collection | Supported | Supported | Not supported |
Manual collection | Supported | Not supported | Supported |
View collection status in dashboards | Supported | Not supported | Not supported |
Precautions
If you enable a CloudLens application, Log Service automatically checks whether a project whose name is in the aliyun-product-data-<Alibaba Cloud account ID>-cn-heyuan format exists within your Alibaba Cloud account. If the project does not exist, Log Service automatically creates the project.
aliyunlog log delete_project --project_name=aliyun-product-data-<Alibaba Cloud account ID>-cn-heyuan --region-endpoint=cn-heyuan.log.aliyuncs.com command. Replace Alibaba Cloud account ID based on your business scenario.