Audit Logs

Precautions

• No audit logs are generated for operations on internal connections.
• Commands that are always audited include BIGKEYS, KEYS, FLUSHALL, FLUSHDB, SCRIPT, CLIENT, and CONFIG.
• Audit logs are only generated for the following commands that you need to configure many parameters for:

  BITOP, MSETNX, PFCOUNT, PFMERGE, HDEL, HMGET, HMSET, HSET, LPUSH, LPUSHX, SADD, SREM, ZADD, GEOADD, GEOHASH, BFINSERT, BFMADD, and BFMEXISTS.

• An audit log is generated only when EXEC executes more than 100 commands in a transaction.

Enabling Audit Log Reporting to LTS

To use this function, you need to contact customer service to apply for required permissions.

1. Log in to the management console.
2. In the service list, choose Databases > GeminiDB Redis API.
3. In the navigation pane, choose Log Reporting.
4. Locate the row containing your target instance and click in the Report Audit Log to LTS column.
5. Select an LTS log group and log stream and click OK.
   

   You will be billed for enabling this function. For details, see LTS pricing details.

   Figure 1 Enabling audit log reporting to LTS
   

Viewing Log Details

1. Log in to the management console.
2. Click in the upper left corner of the page. Under Management & Governance, click Log Tank Service.
3. On the Log Management page, click Log Groups, select a log group and log stream, and click the name of the selected log stream to go to the details page.
   Figure 2 Selecting a log stream
   

4. Set From now to select a relative time (15 minutes by default) in the upper right corner as needed.
5. On the Raw Logs tab, view the audit logs generated in the relative time period.
   Figure 3 Audit logs