Updated on 2024-04-11 GMT+08:00

Downloading SQL Audit Logs

If you enable the SQL audit function, all SQL operations will be logged, and you can download audit logs to view details. The minimum time unit of audit logs is second. By default, the SQL audit function is disabled. Enabling this function may affect performance.

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click Service List. Under Database, click Relational Database Service. The RDS console is displayed.
  4. On the Instance Management page, click the target DB instance.
  5. In the navigation pane on the left, choose SQL Audits.
  6. On the displayed page, select a time range in the upper right corner, select SQL audit logs to be downloaded in the list, and click Download above the list to download SQL audit logs in batches.

    Alternatively, select an audit log and click Download in the Operation column to download an individual SQL audit log.

  7. The following figure shows the SQL audit log content. For field descriptions, see Table 1.

    Figure 1 RDS for MySQL audit logs
    Table 1 Audit log field description

    Parameter

    Description

    record_id

    ID of a single record, which is the unique global ID of each SQL statement recorded in the audit log.

    connection_id

    ID of the session executed by the record, which is the same as the ID in the show processlist command output.

    connection_status

    Session status, which is usually the returned error code of a statement. If a statement is successfully executed, the value 0 is returned.

    name

    Recorded type name. Generally, DML and DDL operations are QUERY, connection and disconnection operations are CONNECT and QUIT, respectively.

    timestamp

    Recorded UTC time.

    command_class

    SQL command type. The value is the parsed SQL type, for example, select or update. (This field does not exist if the connection is disconnected.)

    sqltext

    Executed SQL statement content. (This field does not exist if the audit connection is disconnected.)

    user

    Login account.

    host

    Login host. The value is localhost for local login and is empty for remote login.

    external_user

    External username.

    ip

    IP address of the remotely-connected client. The local IP address is empty.

    default_db

    Default database on which SQL statements are executed.