Updated on 2024-11-19 GMT+08:00

Setting SQL Audit

Function

This API is used to set a policy for SQL audit logs.

  • Before calling an API, you need to understand the API in Authentication.

Constraints

This API is available only to RDS for MySQL and RDS for PostgreSQL.

URI

  • URI format

    PUT /v3/{project_id}/instances/{instance_id}/auditlog-policy

  • Parameter description
    Table 1 Parameter description

    Name

    Mandatory

    Description

    project_id

    Yes

    Project ID of a tenant in a region.

    For details about how to obtain the project ID, see Obtaining a Project ID.

    instance_id

    Yes

    Specifies the DB instance ID.

Request

Table 2 Parameter description

Name

Mandatory

Type

Description

keep_days

Yes

Integer

Number of days for storing audit logs. The value range is from 0 to 732.

  • 0: indicates that SQL audit is disabled.
  • 1 to 732: indicates the retention days for audit logs after SQL audit is enabled.

reserve_auditlogs

No

Boolean

This parameter is valid only when SQL audit is disabled.

  • true (default): indicates that historical audit logs will be reserved for some time when SQL audit is disabled.
  • false: indicates that historical audit logs will be deleted immediately when SQL audit is disabled.

audit_types

No

Array of strings

This parameter applies only to RDS for MySQL.

Operation types recorded in audit logs. This parameter is valid only when audit logging is enabled. If this parameter is left blank, all operation types will be recorded by default.

  • CREATE_USER, DROP_USER, RENAME_USER, GRANT, REVOKE, ALTER_USER, ALTER_USER_DEFAULT_ROLE
  • CREATE, ALTER, DROP, RENAME, TRUNCATE, REPAIR, OPTIMIZE
  • INSERT, DELETE, UPDATE, REPLACE, SELECT
  • BEGIN/COMMIT/ROLLBACK, PREPARED_STATEMENT, CALL_PROCEDURE, KILL, SET_OPTION, CHANGE_DB, UNINSTALL_PLUGIN, UNINSTALL_PLUGIN, INSTALL_PLUGIN, SHUTDOWN, SLAVE_START, SLAVE_STOP, LOCK_TABLES, UNLOCK_TABLES, FLUSH, XA

Example Request

  • Enable SQL Audit and set the audit log retention period to 5 days.
    PUT https://{endpoint}/v3/0483b6b16e954cb88930a360d2c4e663/instances/cee5265e1e5845649e354841234567dfin01/auditlog-policy
    
    {
        "keep_days":5,
        "audit_types": [
        "CREATE_USER"
        ]
    }
  • Disable SQL Audit and delete existing historical audit logs.
    {
        "keep_days":0,
        "reserve_auditlogs":false
    }

Response

  • Normal response
    Table 3 Parameters

    Parameter

    Type

    Description

    status

    String

    Explanation:

    Result of setting SQL audit.

    Value range:

    COMPLETED

  • Example normal response
    {
      "status":"COMPLETED"
    }
  • Abnormal response

    For details, see Abnormal Request Results.

Status Code

Error Code

For details, see Error Codes.