Updated on 2024-07-18 GMT+08:00

Downloading SQL Audit Logs

If you enable SQL audit, all SQL operations will be logged, and you can download audit logs to view details. The minimum time unit of audit logs is second.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  3. On the Instances page, click the target DB instance.
  4. In the navigation pane on the left, choose SQL Audits.
  5. On the displayed page, select a time range in the upper right corner, select SQL audit logs to be downloaded in the list, and click Download above the list to download SQL audit logs in batches.

    Alternatively, select an audit log and click Download in the Operation column to download an individual SQL audit log.

  6. The following figure shows the SQL audit log content. For field descriptions, see Table 1.

    Figure 1 RDS for PostgreSQL audit logs
    Table 1 Audit log field description

    Field

    Description

    AUDIT:

    Fixed prefix, which identifies an audit record.

    AUDIT_TYPE

    Audit type. The value can be SESSION, OBJECT, or CLIENT_AUTHENTICATION.

    STATEMENT_ID

    Unique statement ID for this session.

    SUBSTATEMENT_ID

    ID of each substatement in the main statement.

    CLASS or AUTHENTICATION_RESULT

    Operation type.

    • CLASS: The value depends on the pgaudit.log options, and can be READ or ROLE.
    • AUTHENTICATION_RESULT: The value can be SUCCESS or FAIL.

    PID

    Process ID.

    STATEMENT_START_TIME

    Statement start timestamp, in us.

    connection_status

    Session status, which is usually the returned error code of a statement. If the statement is successfully executed, the value 0 is returned.

    APPLICATION_NAME

    Application name, such as PSQL and JDBC.

    USER_NAME

    Username for logging in to the database.

    DATABASE_NAME

    Name of the database that was logged in to.

    REMOTE_HOST

    IP address of the host used for login.

    COMMAND

    Type of the SQL command, such as ALTER TABLE and SELECT.

    OBJECT_TYPE

    Object type, such as TABLE, INDEX, and VIEW.

    OBJECT_NAME

    Object name.

    STATEMENT

    Content of the SQL statement executed at the backend.

    PARAMETER

    Parameter value.