- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Optimization of Instance Storage Capacity, IOPS, and I/O Bandwidth
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Sales Suspension of Some General Specifications
- Announcement on Some APIs Integrated with CAM Authentication
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Announcement on Supplementary Charge for Clusters with Pay-as-You-Go Storage Billing Mode
- Announcement on New APIs Integrated with CAM Permissions
- Announcement on the Release of New Version of Database Proxy
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Classified Protection Practice for Database Audit of TDSQL-C for MySQL
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Optimization of Instance Storage Capacity, IOPS, and I/O Bandwidth
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Sales Suspension of Some General Specifications
- Announcement on Some APIs Integrated with CAM Authentication
- Announcement on Some APIs with CAM Authentication Integrated
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Announcement on Supplementary Charge for Clusters with Pay-as-You-Go Storage Billing Mode
- Announcement on New APIs Integrated with CAM Permissions
- Announcement on the Release of New Version of Database Proxy
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Practical Tutorial
- Classified Protection Practice for Database Audit of TDSQL-C for MySQL
- Upgrading Database Version from MySQL 5.7 to 8.0 Through DTS
- Usage Instructions for TDSQL-C MySQL
- New Version of Console
- Implementing Multiple RO Groups with Multiple Database Proxy Connection Addresses
- Strengths of Database Proxy
- Selecting Billing Mode for Storage Space
- Creating Remote Disaster Recovery by DTS
- Creating VPC for Cluster
- Data Rollback
- Solution to High CPU Utilization
- How to Authorize Sub-Users to View Monitoring Data
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Billing APIs
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterDetail
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- SwitchClusterVpc
- OpenReadOnlyInstanceExclusiveAccess
- OpenClusterReadOnlyInstanceGroupAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- Service Agreement
- TDSQL-C Policy
- General References
- Glossary
- Contact Us
This document describes how to view database audit logs and their list field.
Note:
A new version of the audit log page was released on July 12, 2023. The new version added a new audit log search field "Scanned Rows". For existing audit logs before this release date, the data in this field will be displayed as "-", and the corresponding downloaded files and APIs will be displayed as "-1".
The unit of the audit log field "Execution Time" in the console and downloaded audit log files has been unified to milliseconds.
The unit of the audit log field "CPU Time" in the console and downloaded audit log files has been unified to microseconds.
The unit of the "Timestamp" field in the audit log files has been updated to display millisecond-level timing.
When searching audit logs, the character used to separate multiple search items is changed from comma to line break.
After enabling database audit, the storage regions of audit log files for instances in Tianjin, Taipei (China), and Shenzhen are different. Refer to the table below for the corresponding storage regions.
Instance Region | Audit Log Storage Region |
Tianjin | Beijing |
Taipei (China) | Hong Kong (China) |
Shenzhen | Guangzhou |
Prerequisite
Viewing Audit Logs
Note:
The audit log display time is down to milliseconds, facilitating more precise sorting and problem analysis of SQL commands.
1. Log in to the TDSQL-C for MySQL console.
2. Click Database Audit on the left sidebar.
3. After selecting a region at the top, click on Audit Status on the Audit Instance page, and select the Enabled option to filter instances that have enabled audit.
4. Find the target instance in the audit instance list, or search for it by resource attribute in the search box, and click View Audit Log in the Operation column to enter the Audit Log tab and view logs.
Tool list
In the audit instance filter box, you can choose to switch to other audit instances that have enabled the audit service.
In the time box, the last 1 hour is selected by default. You can quickly select another time period (last 3 hours, last 24 hours, or last 7 days), or enter a custom time period, to view relevant audit logs within the chosen time period.
Note:
You can select any time period with data for search. Up to the first 60,000 eligible records can be displayed.
In the search box, select the search items (such as SQL Details, Client IP, Database Account, Database Name, Error Code, SQL Type, Risk Level, Execution Time (ms), Lock Wait Time (μs), IO Wait Time (μs), Transaction Duration (μs), CPU Time (μs), Audit Rule, Thread ID, Transaction ID, Scanned Rows, Affected Rows, Returned Rows, etc.) for search. This allows you to view relevant audit results. Multiple keywords are separated by line break.
Search Item | Operator | Description |
SQL Details | Include-OR-Segment | Rule Description Enter the details of the SQL command and separate multiple keywords by line break. The match items in the SQL command details search box are divided into three levels. The first level sets the forward and reverse matching modes (Include, Exclude); the second level sets the logical relationship between keywords (OR, AND); the third level sets each keyword matching mode (Segment, Wildcard). Note: The search of SQL command details is case-insensitive. Include and Exclude match modes are supported. Keywords support "OR" and "AND" logical match. "OR" means a "union" relationship between different keywords, and "AND" means an "intersection" relationship between different keywords. Each keyword supports two match modes: "segment" and "wildcard". "Segment" means that each keyword in the SQL command details needs to be accurately matched, and "wildcard" means that fuzzy match is supported for each keyword in the SQL command details. Example For example, if the SQL command details are SELECT * FROM test_db1 join test_db2 LIMIT 1;,In the "Include (segment)" search mode, you can search by segment keywords such as "SELECT", "select from", "", "SELECT * FROM test_db LIMIT 1;", "from Test_DB". However, you can't search by wildcard keywords such as "SEL", "sel", and "test". In the "Include (wildcard)" search mode, you can't search by wildcard keywords such as "SEL", "sel", "test", and "DB". In the "Include (AND)" search mode, multiple keywords are in an "AND" relationship, which means you can query all SQL commands containing "SELECT" and "test_db" by entering keywords such as "SELECT" and "test_db". In the "Include (OR)" search mode, multiple keywords are in an "OR" relationship, which means you can query all SQL commands containing "test_db1" and "test_db2" by entering keywords such as "test_db1" and "test_db2". |
| Include-AND-Segment | |
| Exclude-AND-Segment | |
| Include-OR-Wildcard | |
| Include-AND-Wildcard | |
| Exclude-AND-Wildcard | |
Client IP | Include
Exclude
Equal to
Not equal to | You can filter client IP addresses by using the wildcard "" and separate them by line break. For example, if you enter "client IP: 9.223.23.2", IP addresses that start with "9.223.23.2" will be searched. |
User Account | Include
Exclude
Equal to
Not equal to | Enter a user account and separate multiple keywords by line break. |
Database Name | Include
Exclude
Equal to
Not equal to | Enter a database name and separate multiple keywords by line break. Note: The search of database name is case-insensitive. |
Error Code | Equal to
Not equal to | Enter an error code and separate multiple keywords by line break. |
SQL Type | Equal to
Not equal to | Pull down the list to select a SQL type (ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE). You can select multiple types. |
Risk Level | Include
Exclude | Select low, medium, or high risk to filter the audit logs that meet the risk level settings of the rule template. It also supports empty inputs, which indicate filtering the audit logs without risk level tags in the historical inventory. |
Execution Time (ms) | Range format | Enter an execution time in the format of M-N, such as 10-100 or 20-200. |
Lock Wait Time (μs) | Range format | Enter a lock wait time in the format of M-N, such as 10-100 or 20-200. |
IO Wait Time (μs) | Range format | Enter an IO wait time in the format of M-N, such as 10-100 or 20-200. |
Transaction Duration (μs) | Range format | Enter a transaction duration in the format of M-N, such as 10-100 or 20-200. |
CPU Time (μs) | Range format | Enter a CPU time in the format of M-N, such as 10-100 or 20-200. |
Audit Rule | Include
Exclude | Display the template IDs and names of all rule templates in a specific region. You can filter the audit logs meeting a specific rule template. Supports empty inputs, which indicate filtering the audit logs without audit rule tags and the full audit logs not meeting rules in the historical inventory. Supports searching for audit rules by rule template ID and rule template name. Supports choosing multiple rule templates simultaneously. |
Thread ID | Equal to Not equal to | Enter a thread ID and separate multiple keywords by line break. |
Transaction ID | Equal to
Not equal to | Enter a transaction ID and separate multiple keywords by line break. Note: Only the kernel minor version 2.1.11 and later versions of TDSQL-C for MySQL 5.7 support the Transaction ID field, which is not supported by TDSQL-C for MySQL 8.0. |
Scanned Rows | Range format | Enter a range of scanned rows in the format of M-N, such as 10-100 or 20-200. |
Affected Rows | Range format | Enter a range of affected rows in the format of M-N, such as 10-100 or 20-200. |
Returned Rows | Range format | Enter a range of returned rows returned in the format of M-N, such as 10-100 or 20-200. |
Log list
The Returned Rows field represents the specific number of rows returned by executing the SQL command, which is mainly used to determine the impact of
SELECT commands.
Audit Fields
The following fields are supported in TDSQL-C for MySQL audit logs. On the Audit Log tab, click the download icon. After download, click the file list icon. On the page redirected to, copy the download address and access it to get the complete SQL audit logs.
Note:
Currently, you can download audit log files of a database instance only at the Tencent Cloud private network address by using a CVM instance in the same region. For example, to download the audit logs of database instances in Beijing region, download them with a CVM instance in Beijing.
Log files are valid for 24 hours. Download them promptly.
Up to 30 log files can be retained for one database instance. Delete files promptly after download.
If the status is
Failed, there may be too many logs. You can download them in batches by narrowing down the time range.No. | Field | Remarks |
1 | Time | The exact timestamp when an operation is performed. |
2 | Risk Level | The risk level of an operation, categorized as low risk, medium risk, and high risk. For full audit, the risk level of logs that do not meet any audit rules will be displayed as "-". |
3 | Client IP | IP address of the client initiating a database operation. |
4 | Database Name | Name of the database involved in an operation. |
5 | User Account | User account executing an operation. |
6 | SQL Type | Type of SQL statements, such as SELECT, INSERT, UPDATE, and DELETE. |
7 | SQL Details | The specific SQL command text being executed. |
8 | Error Code | When an error occurs during the execution of an SQL statement, an error code is generated. The error code is an integer used to identify a specific error type, with 0 indicating success. |
9 | Thread ID | Unique thread ID for each client connected to a database, which is used to identify which client executed a specific operation. |
10 | Transaction ID | Unique ID for each transaction in the storage engine that supports transactions (such as InnoDB), which is used to identify a specific transaction. |
11 | Scanned Rows | The number of rows scanned in a database during query execution, which can help you understand the query efficiency. |
12 | Returned Rows | The number of rows returned in the query results, which can help you understand the result set size. |
13 | Affected Rows | The number of rows actually affected when a modification operation (such as INSERT, UPDATE, or DELETE) is performed on a data table, which can help you understand the impact scope of the operation. |
14 | Execution Time (ms) | The time from starting execution of an SQL statement to finishing it, in milliseconds. This field can help you understand the query performance. |
15 | CPU Time (μs) | The time spent executing SQL statement on the CPU, in microseconds. This field can help you understand the CPU usage during the query. |
16 | Lock Wait Time (μs) | The time spent waiting to acquire the database lock, in microseconds. This field can help you understand the lock contention situation of the query. |
17 | IO Wait Time (μs) | The waiting spent waiting for an I/O operation to complete, in microseconds. This field can help you understand the I/O performance of the query. |
18 | Transaction Duration (μs) | The total time consumed for a transaction from start to submission or rollback, in microseconds. This field can help you understand the performance of the transaction. |
19 | Audit Rule | It displays the rule template that the audit log meets. Upon clicking the corresponding rule template, the details of the rule template will be displayed, including the basic information, the parameter settings, and the modification record. The value of the audit rule for the audit logs in the historical inventory is displayed as "-". The value of the audit rule for the audit logs that don't meet rules is displayed as "-". |
Relationship Between SQL Statement Type and SQL Statement Mapping Object
No. | SQL Statement Type | SQL Statement Mapping Object |
0 | OTHER | All other SQL statement types except the following |
1 | SELECT | SQLCOM_SELECT |
2 | INSERT | SQLCOM_INSERT, SQLCOM_INSERT_SELECT |
3 | UPDATE | SQLCOM_UPDATE, SQLCOM_UPDATE_MULTI |
4 | DELETE | SQLCOM_DELETE, SQLCOM_DELETE_MULTI, SQLCOM_TRUNCATE |
5 | CREATE | SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_CREATE_DB, SQLCOM_CREATE_FUNCTION, SQLCOM_CREATE_USER, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CREATE_VIEW, SQLCOM_CREATE_TRIGGER, SQLCOM_CREATE_SERVER, SQLCOM_CREATE_EVENT, SQLCOM_CREATE_ROLE, SQLCOM_CREATE_RESOURCE_GROUP, SQLCOM_CREATE_SRS |
6 | DROP | SQLCOM_DROP_TABLE, SQLCOM_DROP_INDEX, SQLCOM_DROP_DB, SQLCOM_DROP_FUNCTION, SQLCOM_DROP_USER, SQLCOM_DROP_PROCEDURE, SQLCOM_DROP_VIEW, SQLCOM_DROP_TRIGGER, SQLCOM_DROP_SERVER, SQLCOM_DROP_EVENT, SQLCOM_DROP_ROLE, SQLCOM_DROP_RESOURCE_GROUP, SQLCOM_DROP_SRS |
7 | ALTER | SQLCOM_ALTER_TABLE, SQLCOM_ALTER_DB, SQLCOM_ALTER_PROCEDURE, SQLCOM_ALTER_FUNCTION, SQLCOM_ALTER_TABLESPACE, SQLCOM_ALTER_SERVER, SQLCOM_ALTER_EVENT, SQLCOM_ALTER_USER, SQLCOM_ALTER_INSTANCE, SQLCOM_ALTER_USER_DEFAULT_ROLE, SQLCOM_ALTER_RESOURCE_GROUP |
8 | REPLACE | SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT |
9 | SET | SQLCOM_SET_OPTION, SQLCOM_RESET, SQLCOM_SET_PASSWORD, SQLCOM_SET_ROLE, SQLCOM_SET_RESOURCE_GROUP |
10 | EXECUTE | SQLCOM_EXECUTE |
11 | LOGIN | Database login behavior, which is not constrained by audit rules and is recorded by default. |
12 | LOGOUT | Database logout behavior, which is not constrained by audit rules and is recorded by default. |
13 | CHANGEUSER | User change behavior, which is not constrained by audit rules and is recorded by default. |
Yes
No
Was this page helpful?