Updated on 2022-08-17 GMT+08:00

Audit Log

Scenarios

DDS supports log auditing. The feature is disabled by default because enabling it may have a slight impact on your service performance.

An audit log records operations performed on your databases and collections. The generated log files are stored in OBS. Auditing logs can enhance your database security and help you analyze the cause of failed operations.

Precautions

  • DDS checks generated audit logs. If the retention period of logs exceeds the period you set, DDS will delete the logs.
  • After the audit policy is modified, DDS audits logs according to the new policy and the retention period of the original audit logs is subject to the modified retention period.

Querying Audit Logs

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, click Audit Logs.
  3. On the Audit Logs page, view the log details.

Setting the Audit Policy

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, click Audit Logs.
  3. On the Audit Logs page, click Set Audit Policy.
  4. On the displayed page, enable, modify, or disable audit policies.

    • Enable or modify the audit policy.
      To enable the audit policy, click .
      • All: audits all collections of the DB instance.
      • Custom: audits specified databases or collections of the DB instance.

        The database or collection name cannot contain spaces or the following special characters: /\' : "[]{}() The dollar sign ($) can be used only as an escape character.

        The database name can contain a maximum of 64 characters.

        If you enter a combined database and collection name, the total name length is 120 characters with the database name length of no more than 64 characters and the collection name cannot be blank, contain null, or use system. in prefix.

      • Statement Type: audits specified statements, including auth, insert, update, delete, command, and query statements.
      • Retention Days: indicates the number of days to retain audit logs and can range from 7 to 732 days.

      Click OK to save the modification. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.

    • Disable the audit policy.

      After the audit policy is disabled, no audit log is generated.

      To disable the audit policy, click .

      You can determine whether to delete all automated backup files:

      • If you do not select Delete automated backups, all backup files within the retention period will be retained. You can manually delete them later.
      • If you select Delete automated backups, all backup files within the retention period will be deleted.

      Click OK.

Downloading Logs

  1. On the Instance Management page, click the target DB instance.
  2. In the navigation pane on the left, click Audit Logs.
  3. On the Audit Logs page, click Download to download audit logs.

    • The system automatically loads the downloading preparation tasks. The loading duration is determined by the log file size and network environment.
    • The download link is valid for 5 minutes. After the download link expires, a message is displayed indicating that the download link has expired. If you need to download the log, click OK.