Updated on 2022-08-16 GMT+08:00

Enabling the SQL Audit Function

After you enable the SQL audit function, all SQL operations will be recorded in log files. You can download audit logs to view log details.

By default, SQL audit is disabled because enabling this function may affect database performance. This section describes how to enable, modify, or disable SQL audit.

  • After you enable the SQL audit function, the system records all SQL operations and uploads logs every half an hour or when the size is accumulated to 100 MB.
  • After SQL audit is enabled, log files will occupy your backup space.

Constraints

Only the versions listed below support SQL audit. .
  • MySQL 5.6.43 and later versions for DB instances using cloud disks, MySQL 5.6.47.3 and later versions for DB instances using local disks
  • MySQL 5.7.23 and later versions for DB instances using cloud disks, MySQL 5.7.29.3 and later versions for DB instances using local disks
  • MySQL 8.0

Procedure

  1. Log in to the management console.
  2. Click in the upper left corner and select a region and a project.
  3. Click Service List. Under Database, click Relational Database Service. The RDS console is displayed.
  4. On the Instance Management page, click the target DB instance.
  5. In the navigation pane on the left, choose SQL Audits. On the displayed page, click Set SQL Audit above the list. In the displayed dialog box, configure information as required and click OK.

    Enabling or setting SQL audit
    • To retain SQL audit logs, set (disabled) to (enabled).
    • Audit logs are retained for 7 days by default but can be retained from anywhere from 1 to 732 days if needed.

    Disabling SQL audit

    To disable SQL audit, toggle (enabled) to (disabled).

    • If you select the check box "I acknowledge that after audit log is disabled, all audit logs are deleted.", all audit logs will be deleted.

      Deleted audit logs cannot be recovered. Exercise caution when performing this operation.

    • If you do not select the check box "I acknowledge that after audit log is disabled, all audit logs are deleted.", the audit logs will be retained.