Help Center/ Document Database Service/ API Reference/ APIs V3.0 (Recommended)/ Log Information Queries/ Configuring SQL Audit
Updated on 2025-10-24 GMT+08:00
View PDF

Configuring SQL Audit

Description

This API is used to configure a policy for SQL audit logs.

Constraints

This operation cannot be performed on frozen or abnormal instances.

URI

  • URI format

    POST /v3/{project_id}/instances/{instance_id}/auditlog-policy

  • URI example

    https://dds.ap-southeast-1.myhuaweicloud.com/v3/0549b4a43100d4f32f51c01c2fe4acdb/instances/5cecca4c20e04146862651b8d385f26ain02/auditlog-policy

Table 1 Path parameters

Name

Mandatory

Type

IN

Description

project_id

Yes

string

path

Explanation:

Project ID of a tenant in a region. To obtain the project ID, see Obtaining a Project ID.

Constraints:

N/A

Value range:

N/A

Default value:

N/A

instance_id

Yes

string

path

Explanation:

Instance ID, which can be obtained by calling the API described in Querying Instances and Details. If you do not have an instance, call the API described in Creating a DB Instance to create one.

Constraints:

N/A

Value range:

N/A

Default value:

N/A

Request Parameters

Table 2 Request header parameters

Name

Mandatory

Type

IN

Description

X-Auth-Token

Yes

string

header

Definition

User token obtained from IAM. For details, see Authentication.

Constraints

N/A

Range

N/A

Default Value

N/A
Table 3 Parameter description

Name

Type

Mandatory

Description

keep_days

Integer

Yes

The number of days for storing audit logs. The value can be 0 or ranges from 7 to 732.

  • 0: indicates that SQL audit is disabled.
  • 7 to 732: indicates the retention days for audit logs after SQL audit is enabled.

reserve_auditlogs

String

No

This parameter is valid only when SQL audit is disabled.

  • true (default value): indicates that historical audit logs are retained when SQL audit is disabled.
  • false: indicates that existing historical audit logs are deleted when SQL audit is disabled.

audit_scope

String

No

This parameter is valid only when the audit log policy is enabled. If this parameter is left blank or set to all, all audit log policies are enabled by default.

Audit scope:

Enter the database or collection name. Use commas (,) to separate multiple databases or collections. If the name contains a comma (,), add a dollar sign ($) before the comma to distinguish it from the separators.

Enter a maximum of 1024 characters. The value cannot contain spaces or the following special characters "[]{}():? The dollar sign ($) can be used only in escape mode.

audit_types

Array of strings

No

This parameter is valid only when the audit log policy is enabled. If this parameter is left blank, all audit log policies are enabled by default.

Specifies the audit type. The value is auth, insert, delete, update, query, or command.

Example Requests

  • Enabling or updating SQL Audit, setting the retention period to 7 days, and setting audit_scope to all 
    {
  "keep_days": 7,
  "audit_scope": "all",
  "audit_types": [
    "insert"
  ]
}
  • Disabling SQL Audit and deleting existing historical audit logs 
    {
  "keep_days": 0,
  "reserve_auditlogs": false
}

Response Parameters

Example Responses

{}

Status Code

For more information, see Status Code.

Error Code

For more information, see Error Code.

Parent topic: Log Information Queries