Updated on 2025-08-20 GMT+08:00

Setting SQL Audit

Function

This API is used to set a policy for SQL audit logs.

Constraints

This API is available only to RDS for MySQL and RDS for PostgreSQL.

URI

  • URI format

    PUT /v3/{project_id}/instances/{instance_id}/auditlog-policy

  • Parameter description
    Table 1 Parameters

    Parameter

    Mandatory

    Description

    project_id

    Yes

    Project ID of a tenant in a region.

    To obtain the value, see Obtaining a Project ID.

    instance_id

    Yes

    Specifies the DB instance ID.

Request

Table 2 Parameters

Parameter

Mandatory

Type

Description

keep_days

Yes

Integer

Number of days for storing audit logs. The value range is from 0 to 732.

  • 0: indicates that SQL audit is disabled.
  • 1 to 732: indicates the retention days for audit logs after SQL audit is enabled.

reserve_auditlogs

No

Boolean

This parameter is valid only when SQL audit is disabled.

  • true (default): indicates that historical audit logs will be reserved for some time when SQL audit is disabled.
  • false: indicates that historical audit logs will be deleted immediately when SQL audit is disabled.

audit_types

No

Array of strings

This parameter applies only to RDS for MySQL.

Operation types recorded in audit logs. This parameter is valid only when audit logging is enabled. If this parameter is left blank, all operation types will be recorded by default.

  • CREATE_USER, DROP_USER, RENAME_USER, GRANT, REVOKE, ALTER_USER, ALTER_USER_DEFAULT_ROLE
  • CREATE, ALTER, DROP, RENAME, TRUNCATE, REPAIR, OPTIMIZE
  • INSERT, DELETE, UPDATE, REPLACE, SELECT
  • BEGIN/COMMIT/ROLLBACK,PREPARED_STATEMENT,CALL_PROCEDURE,KILL,SET_OPTION,CHANGE_DB,UNINSTALL_PLUGIN,INSTALL_PLUGIN,SHUTDOWN,SLAVE_START,SLAVE_STOP,LOCK_TABLES,UNLOCK_TABLES,FLUSH,XA

Example Request

  • Enable SQL Audit and set the audit log retention period to 5 days.
    PUT https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/cee5265e1e5845649e354841234567dfin01/auditlog-policy
    
    {
        "keep_days":5,
        "audit_types": [
        "CREATE_USER"
        ]
    }
  • Disable SQL Audit and delete existing historical audit logs.
    {
        "keep_days":0,
        "reserve_auditlogs":false
    }

Response

  • Normal response
    Table 3 Parameters

    Parameter

    Type

    Description

    status

    String

    Definition

    Result of setting SQL audit.

    Range

    COMPLETED

  • Example normal response
    {
      "status":"COMPLETED"
    }
  • Abnormal response

    For details, see Abnormal Request Results.

Status Code

Error Code

For details, see Error Codes.