Configuring SQL Audit

This API is used to configure a policy for SQL audit logs.

This operation cannot be performed on frozen or abnormal instances.

URI format
POST https://{Endpoint}/v3/{project_id}/instances/{instance_id}/auditlog-policy
URI example
https://dds.ap-southeast-1.myhuaweicloud.com/v3/0549b4a43100d4f32f51c01c2fe4acdb/instances/5cecca4c20e04146862651b8d385f26ain02/auditlog-policy

**Table 1** Request parameters
Name	Type	IN	Mandatory	Description
x-auth-token	string	header	Yes	User token
project_id	string	path	Yes	Project ID of a tenant in a region. To obtain the project ID, see Obtaining a Project ID.
instance_id	string	path	Yes	Instance ID, which can be obtained by calling the API described in Querying Instances and Details. If you do not have an instance, call the API described in Creating a DB Instance to create one.

Parameter description

**Table 2** Parameter description
Name	Type	Mandatory	Description
keep_days	Integer	Yes	The number of days for storing audit logs. The value can be 0 or ranges from 7 to 732. 0: indicates that SQL audit is disabled. 7 to 732: indicates the retention days for audit logs after SQL audit is enabled.
reserve_auditlogs	String	No	This parameter is valid only when SQL audit is disabled. true (default value): indicates that historical audit logs are retained when SQL audit is disabled. false: indicates that existing historical audit logs are deleted when SQL audit is disabled.
audit_scope	String	No	This parameter is valid only when the audit log policy is enabled. If this parameter is left blank or set to all, all audit log policies are enabled by default. Audit scope: Enter the database or collection name. Use commas (,) to separate multiple databases or collections. If the name contains a comma (,), add a dollar sign ($) before the comma to distinguish it from the separators. Enter a maximum of 1024 characters. The value cannot contain spaces or the following special characters "[]{}():? The dollar sign ($) can be used only in escape mode.
audit_types	Array of strings	No	This parameter is valid only when the audit log policy is enabled. If this parameter is left blank, all audit log policies are enabled by default. Specifies the audit type. The value is auth, insert, delete, update, query, or command.

Request example

Enabling or updating the audit log policy

{
  "keep_days": 7,
  "audit_scope": "all",
  "audit_types": [
    "insert"
  ]
}

Disabling the policy for SQL audit logs:

{
  "keep_days": 0,
  "reserve_auditlogs": false
}

Response example

{}

For more information, see Status Code.

For more information, see Error Code.

Parent topic: Log Information Queries

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel