Updated on 2024-10-14 GMT+08:00

Enabling SQL Audit

Scenarios

After SQL audit is enabled for RDS for PostgreSQL DB instances, the system records SQL operations and uploads logs every half an hour or when the size of a single record reaches 100 MB. The generated audit logs are stored in OBS. If there is not enough free backup space available for generated audit logs, the additional space required is billed.

Precautions

  • SQL audit is disabled for DB instances by default because enabling it increases database loads.
  • To ensure good performance, SQL audit uses the Coordinated Universal Time (UTC) format and is not affected by the time zone configuration.
  • To enable SQL audit, you need to install the pgAudit extension first. For details, see pgAudit.

Constraints

Only the following versions support SQL audit. To use this function, contact customer service to apply for required permissions. If your DB engine version is too early, upgrade it to the latest version by referring to Upgrading a Minor Version.
  • Latest minor versions of RDS for PostgreSQL 12 and 13
  • All versions of RDS for PostgreSQL 14 and above

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region.
  3. Click in the upper left corner of the page and choose Databases > Relational Database Service.
  4. On the Instances page, click the DB instance name.
  5. In the navigation pane, choose SQL Audits. On the displayed page, click Set SQL Audit.
  6. In the displayed dialog box, set the number of days for storing SQL audit logs and click OK.

    Audit logs can be retained from 1 to 732 days and are retained for 7 days by default.

    Figure 1 Setting SQL audit

  7. To disable SQL audit, toggle off the Audit Logging switch, select the confirmation check box, and click OK.

    After SQL audit is disabled, all audit logs will be deleted immediately and cannot be recovered. Exercise caution when performing this operation.

    Figure 2 Disabling SQL audit