Enabling SQL Audit
Scenarios
After SQL audit is enabled for RDS for PostgreSQL DB instances, the system records SQL operations and uploads logs every half an hour or when the size of a single record reaches 100 MB. The generated audit logs are stored in OBS. If there is not enough free backup space available for generated audit logs, the additional space required is billed.
Precautions
- SQL audit is disabled for DB instances by default because enabling it increases database loads.
- To ensure good performance, SQL audit uses the Coordinated Universal Time (UTC) format and is not affected by the time zone configuration.
- To enable SQL audit, you need to install the pgAudit extension first. For details, see pgAudit.
Constraints
- Latest minor versions of RDS for PostgreSQL 12 and 13
- All versions of RDS for PostgreSQL 14 and above
Procedure
- Log in to the management console.
- Click in the upper left corner and select a region.
- Click in the upper left corner of the page and choose Databases > Relational Database Service.
- On the Instances page, click the DB instance name.
- In the navigation pane, choose SQL Audits. On the displayed page, click Set SQL Audit.
- In the displayed dialog box, set the number of days for storing SQL audit logs and click OK.
Audit logs can be retained from 1 to 732 days and are retained for 7 days by default.
Figure 1 Setting SQL audit
- To disable SQL audit, toggle off the Audit Logging switch, select the confirmation check box, and click OK.
After SQL audit is disabled, all audit logs will be deleted immediately and cannot be recovered. Exercise caution when performing this operation.
Figure 2 Disabling SQL audit
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot