Instance Region | Audit Log Storage Region |
Tianjin | Beijing |
Taipei (China) | Hong Kong (China) |
Shenzhen | Guangzhou |
Search Item | Operator | Description |
SQL Details | Include-OR-Segment | Rule Description Enter the details of the SQL command and separate multiple keywords by line break. The match items in the SQL command details search box are divided into three levels. The first level sets the forward and reverse matching modes (Include, Exclude); the second level sets the logical relationship between keywords (OR, AND); the third level sets each keyword matching mode (Segment, Wildcard). Note: The search of SQL command details is case-insensitive. Include and Exclude match modes are supported. Keywords support "OR" and "AND" logical match. "OR" means a "union" relationship between different keywords, and "AND" means an "intersection" relationship between different keywords. Each keyword supports two match modes: "segment" and "wildcard". "Segment" means that each keyword in the SQL command details needs to be accurately matched, and "wildcard" means that fuzzy match is supported for each keyword in the SQL command details. Example For example, if the SQL command details are SELECT * FROM test_db1 join test_db2 LIMIT 1; ,In the "Include (segment)" search mode, you can search by segment keywords such as "SELECT", "select from", "", "SELECT * FROM test_db LIMIT 1;", "from Test_DB". However, you can't search by wildcard keywords such as "SEL", "sel", and "test". In the "Include (wildcard)" search mode, you can't search by wildcard keywords such as "SEL", "sel", "test", and "DB". In the "Include (AND)" search mode, multiple keywords are in an "AND" relationship, which means you can query all SQL commands containing "SELECT" and "test_db" by entering keywords such as "SELECT" and "test_db". In the "Include (OR)" search mode, multiple keywords are in an "OR" relationship, which means you can query all SQL commands containing "test_db1" and "test_db2" by entering keywords such as "test_db1" and "test_db2". |
| Include-AND-Segment | |
| Exclude-AND-Segment | |
| Include-OR-Wildcard | |
| Include-AND-Wildcard | |
| Exclude-AND-Wildcard | |
Client IP | Include
Exclude
Equal to
Not equal to | You can filter client IP addresses by using the wildcard "" and separate them by line break. For example, if you enter "client IP: 9.223.23.2", IP addresses that start with "9.223.23.2" will be searched. |
User Account | Include
Exclude
Equal to
Not equal to | Enter a user account and separate multiple keywords by line break. |
Database Name | Include
Exclude
Equal to
Not equal to | Enter a database name and separate multiple keywords by line break. Note: The search of database name is case-insensitive. |
Table Name | Equal to Not equal to | Enter a table name. Table name search instructions are as follows: It is case-insensitive. The search format is DbName.TableName. For example: If the database test_db contains the table test_table, to search for the table test_table, you need to enter: table name equal to test_db.test_table. Note: You can record up to 64 table names. For the field "Table Name", it is supported in TXSQL 2.1.13 and later, as well as TXSQL 3.1.15 and later. Other versions do not support it. If support is required, upgrade to a version that supports this field. |
Error Code | Equal to
Not equal to | Enter an error code and separate multiple keywords by line break. |
SQL Type | Equal to
Not equal to | Pull down the list to select a SQL type (ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE). You can select multiple types. |
Risk Level | Include
Exclude | Select low, medium, or high risk to filter the audit logs that meet the risk level settings of the rule template. It also supports empty inputs, which indicate filtering the audit logs without risk level tags in the historical inventory. |
Execution Time (μs) | Range format | Enter an execution time in the format of M-N, such as 10-100 or 20-200. |
Lock Wait Time (μs) | Range format | Enter a lock wait time in the format of M-N, such as 10-100 or 20-200. |
IO Wait Time (ns) | Range format | Enter an IO wait time in the format of M-N, such as 10-100 or 20-200. |
Transaction Duration (μs) | Range format | Enter a transaction duration in the format of M-N, such as 10-100 or 20-200. |
CPU Time (μs) | Range format | Enter a CPU time in the format of M-N, such as 10-100 or 20-200. |
Audit Rule | Include
Exclude | Display the template IDs and names of all rule templates in a specific region. You can filter the audit logs meeting a specific rule template. Supports empty inputs, which indicate filtering the audit logs without audit rule tags and the full audit logs not meeting rules in the historical inventory. Supports searching for audit rules by rule template ID and rule template name. Supports choosing multiple rule templates simultaneously. |
Thread ID | Equal to Not equal to | Enter a thread ID and separate multiple keywords by line break. |
Transaction ID | Equal to
Not equal to | Enter a transaction ID and separate multiple keywords by line break. Note: For the field "Transaction ID", it is supported in TXSQL 2.1.11 and later, as well as TXSQL 3.1.15 and later. Other versions do not support it. If support is required, upgrade to a version that supports this field. Currently, a transaction ID is generated only when an explicit transaction is added, deleted, or modified. Implicit transactions do not have a transaction ID. |
Scanned Rows | Range format | Enter a range of scanned rows in the format of M-N, such as 10-100 or 20-200. |
Affected Rows | Range format | Enter a range of affected rows in the format of M-N, such as 10-100 or 20-200. |
Returned Rows | Range format | Enter a range of returned rows returned in the format of M-N, such as 10-100 or 20-200. |
SELECT
commands.Failed
, there may be too many logs. You can download them in batches by narrowing down the time range.No. | Field | Remarks |
1 | Time | The exact timestamp when an operation is performed. |
2 | Risk Level | The risk level of an operation, categorized as low risk, medium risk, and high risk. For full audit, the risk level of logs that do not meet any audit rules will be displayed as "-". |
3 | Client IP | IP address of the client initiating a database operation. |
4 | Database Name | Name of the database involved in an operation. |
5 | User Account | User account executing an operation. |
6 | SQL Type | Type of SQL statements, such as SELECT, INSERT, UPDATE, and DELETE. |
7 | SQL Details | The specific SQL command text being executed. |
8 | Error Code | When an error occurs during the execution of an SQL statement, an error code is generated. The error code is an integer used to identify a specific error type, with 0 indicating success. |
9 | Thread ID | Unique thread ID for each client connected to a database, which is used to identify which client executed a specific operation. |
10 | Transaction ID | Unique ID for each transaction in the storage engine that supports transactions (such as InnoDB), which is used to identify a specific transaction. |
11 | Scanned Rows | The number of rows scanned in a database during query execution, which can help you understand the query efficiency. |
12 | Returned Rows | The number of rows returned in the query results, which can help you understand the result set size. |
13 | Affected Rows | The number of rows actually affected when a modification operation (such as INSERT, UPDATE, or DELETE) is performed on a data table, which can help you understand the impact scope of the operation. |
14 | Execution Time (μs) | The time from starting execution of an SQL statement to finishing it, in microseconds. This field can help you understand the query performance. |
15 | CPU Time (μs) | The time spent executing SQL statement on the CPU, in microseconds. This field can help you understand the CPU usage during the query. |
16 | Lock Wait Time (μs) | The time spent waiting to acquire the database lock, in microseconds. This field can help you understand the lock contention situation of the query. |
17 | IO Wait Time (ns) | The waiting spent waiting for an I/O operation to complete, in nanoseconds. This field can help you understand the I/O performance of the query. |
18 | Transaction Duration (μs) | The total time consumed for a transaction from start to submission or rollback, in microseconds. This field can help you understand the performance of the transaction. |
19 | Audit Rule | It displays the rule template that the audit log meets. Upon clicking the corresponding rule template, the details of the rule template will be displayed, including the basic information, the parameter settings, and the modification record. The value of the audit rule for the audit logs in the historical inventory is displayed as "-". The value of the audit rule for the audit logs that don't meet rules is displayed as "-". |
No. | SQL Statement Type | SQL Statement Mapping Object |
0 | OTHER | All other SQL statement types except the following |
1 | SELECT | SQLCOM_SELECT |
2 | INSERT | SQLCOM_INSERT, SQLCOM_INSERT_SELECT |
3 | UPDATE | SQLCOM_UPDATE, SQLCOM_UPDATE_MULTI |
4 | DELETE | SQLCOM_DELETE, SQLCOM_DELETE_MULTI, SQLCOM_TRUNCATE |
5 | CREATE | SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_CREATE_DB, SQLCOM_CREATE_FUNCTION, SQLCOM_CREATE_USER, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CREATE_VIEW, SQLCOM_CREATE_TRIGGER, SQLCOM_CREATE_SERVER, SQLCOM_CREATE_EVENT, SQLCOM_CREATE_ROLE, SQLCOM_CREATE_RESOURCE_GROUP, SQLCOM_CREATE_SRS |
6 | DROP | SQLCOM_DROP_TABLE, SQLCOM_DROP_INDEX, SQLCOM_DROP_DB, SQLCOM_DROP_FUNCTION, SQLCOM_DROP_USER, SQLCOM_DROP_PROCEDURE, SQLCOM_DROP_VIEW, SQLCOM_DROP_TRIGGER, SQLCOM_DROP_SERVER, SQLCOM_DROP_EVENT, SQLCOM_DROP_ROLE, SQLCOM_DROP_RESOURCE_GROUP, SQLCOM_DROP_SRS |
7 | ALTER | SQLCOM_ALTER_TABLE, SQLCOM_ALTER_DB, SQLCOM_ALTER_PROCEDURE, SQLCOM_ALTER_FUNCTION, SQLCOM_ALTER_TABLESPACE, SQLCOM_ALTER_SERVER, SQLCOM_ALTER_EVENT, SQLCOM_ALTER_USER, SQLCOM_ALTER_INSTANCE, SQLCOM_ALTER_USER_DEFAULT_ROLE, SQLCOM_ALTER_RESOURCE_GROUP |
8 | REPLACE | SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT |
9 | SET | SQLCOM_SET_OPTION, SQLCOM_RESET, SQLCOM_SET_PASSWORD, SQLCOM_SET_ROLE, SQLCOM_SET_RESOURCE_GROUP |
10 | EXECUTE | SQLCOM_EXECUTE |
11 | LOGIN | Database login behavior, which is not constrained by audit rules and is recorded by default. |
12 | LOGOUT | Database logout behavior, which is not constrained by audit rules and is recorded by default. |
13 | CHANGEUSER | User change behavior, which is not constrained by audit rules and is recorded by default. |
Was this page helpful?