Enabling SQL Audit

After you enable the SQL audit function, all SQL operations will be recorded in log files. You can download audit logs to view log details.

By default, SQL audit is disabled because enabling this function may affect database performance. This section describes how to enable, modify, or disable SQL audit.

Both primary DB instances and read replicas support SQL audit logging.
After SQL auditing is enabled, RDS records SQL operations in audit logs. The generated audit log files are temporarily stored in the instance and then uploaded to OBS and stored in the backup space. If there is not enough free backup space available for generated audit logs, the additional space required is billed.
Audit logs are cleared every hour. After you change the retention period of audit logs, expired audit logs will be deleted 1 hour later.
After SQL auditing is enabled, a large number of audit logs may be generated during peak hours. As a result, there are many audit log files temporarily stored in the instance, and the storage may be full.

Supported Database Versions

Only the versions listed below support SQL audit. .

RDS for MySQL 5.6 instances using cloud disks: 5.6.43 and later versions
RDS for MySQL 5.7 instances using cloud disks: 5.7.23 and later versions
RDS for MySQL 8.0

Enabling SQL Audit

Log in to the management console.
Click in the upper left corner of the page and choose Databases > Relational Database Service.
On the Instances page, click the target DB instance.
In the navigation pane on the left, choose SQL Audits. On the displayed page, click Set SQL Audit above the list. In the displayed dialog box, configure information as required and click OK.
Enabling or setting SQL audit
- To enable SQL audit, toggle (disabled) to (enabled).
- Audit logs can be retained from 1 to 732 days and are retained for 7 days by default.
Disabling SQL audit

To disable SQL audit, toggle (enabled) to (disabled).