Instance Region | Audit Log Storage Region |
Tianjin | Beijing |
Taipei (China) | Hong Kong (China) |
Shenzhen | Guangzhou |
Search Item | Operator | Description |
SQL Details | Include-OR-Segment | Rule Description Enter the details of the SQL command and separate multiple keywords by line break. The match items in the SQL command details search box are divided into three levels. The first level sets the forward and reverse matching modes (Include, Exclude); the second level sets the logical relationship between keywords (OR, AND); the third level sets each keyword matching mode (Segment, Wildcard). Note: The search of SQL command details is case-insensitive. Include and Exclude match modes are supported. Keywords support "OR" and "AND" logical match. "OR" means a "union" relationship between different keywords, and "AND" means an "intersection" relationship between different keywords. Each keyword supports two match modes: "segment" and "wildcard". "Segment" means that each keyword in the SQL command details needs to be accurately matched, and "wildcard" means that fuzzy match is supported for each keyword in the SQL command details. Example For example, if the SQL command details are SELECT * FROM test_db1 join test_db2 LIMIT 1; ,In the "Include (segment)" search mode, you can search by segment keywords such as "SELECT", "select from", "", "SELECT * FROM test_db LIMIT 1;", "from Test_DB". However, you can't search by wildcard keywords such as "SEL", "sel", and "test". In the "Include (wildcard)" search mode, you can't search by wildcard keywords such as "SEL", "sel", "test", and "DB". In the "Include (AND)" search mode, multiple keywords are in an "AND" relationship, which means you can query all SQL commands containing "SELECT" and "test_db" by entering keywords such as "SELECT" and "test_db". In the "Include (OR)" search mode, multiple keywords are in an "OR" relationship, which means you can query all SQL commands containing "test_db1" and "test_db2" by entering keywords such as "test_db1" and "test_db2". |
| Include-AND-Segment | |
| Exclude-AND-Segment | |
| Include-OR-Wildcard | |
| Include-AND-Wildcard | |
| Exclude-AND-Wildcard | |
Client IP | Include
Exclude
Equal to
Not equal to | You can filter client IP addresses by using the wildcard "" and separate them by line break. For example, if you enter "client IP: 9.223.23.2", IP addresses that start with "9.223.23.2" will be searched. |
User Account | Include
Exclude
Equal to
Not equal to | Enter a user account and separate multiple keywords by line break. |
Database Name | Include
Exclude
Equal to
Not equal to | Enter a database name and separate multiple keywords by line break. Note: The search of database name is case-insensitive. |
Error Code | Equal to
Not equal to | Enter an error code and separate multiple keywords by line break. |
SQL Type | Equal to
Not equal to | Pull down the list to select a SQL type (ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE). You can select multiple types. |
Risk Level | Include
Exclude | Select low, medium, or high risk to filter the audit logs that meet the risk level settings of the rule template. It also supports empty inputs, which indicate filtering the audit logs without risk level tags in the historical inventory. |
Execution Time (μs) | Range format | Enter an execution time in the format of M-N, such as 10-100 or 20-200. |
Lock Wait Time (μs) | Range format | Enter a lock wait time in the format of M-N, such as 10-100 or 20-200. |
IO Wait Time (μs) | Range format | Enter an IO wait time in the format of M-N, such as 10-100 or 20-200. |
Transaction Duration (μs) | Range format | Enter a transaction duration in the format of M-N, such as 10-100 or 20-200. |
CPU Time (μs) | Range format | Enter a CPU time in the format of M-N, such as 10-100 or 20-200. |
Audit Rule | Include
Exclude | Display the template IDs and names of all rule templates in a specific region. You can filter the audit logs meeting a specific rule template. Supports empty inputs, which indicate filtering the audit logs without audit rule tags and the full audit logs not meeting rules in the historical inventory. Supports searching for audit rules by rule template ID and rule template name. Supports choosing multiple rule templates simultaneously. |
Thread ID | Equal to Not equal to | Enter a thread ID and separate multiple keywords by line break. |
Transaction ID | Equal to
Not equal to | Enter a transaction ID and separate multiple keywords by line break. Note: Only the kernel minor version 2.1.11 and later versions of TDSQL-C for MySQL 5.7 support the Transaction ID field, which is not supported by TDSQL-C for MySQL 8.0. |
Scanned Rows | Range format | Enter a range of scanned rows in the format of M-N, such as 10-100 or 20-200. |
Affected Rows | Range format | Enter a range of affected rows in the format of M-N, such as 10-100 or 20-200. |
Returned Rows | Range format | Enter a range of returned rows returned in the format of M-N, such as 10-100 or 20-200. |
SELECT
commands.Failed
, there may be too many logs. You can download them in batches by narrowing down the time range.No. | Field | Remarks |
1 | Time | - |
2 | Risk Level | It is classified into low risk, medium risk, and high risk. For Full Audit, the risk level will be displayed as "-" for logs that do not meet the audit rules. |
3 | Client IP | - |
4 | Database Name | - |
5 | User Account | - |
6 | SQL Type | - |
7 | SQL Details | - |
8 | Error Code | 0 means success |
9 | Thread ID | - |
10 | Transaction ID | - |
11 | Scanned Rows | - |
12 | Returned Rows | - |
13 | Affected Rows | - |
14 | Execution Time (μs) | - |
15 | CPU Time (μs) | - |
16 | Lock Wait Time (μs) | - |
17 | IO Wait Time (μs) | - |
18 | Transaction Duration (μs) | - |
19 | Policy Name | - |
20 | Audit Rule | It displays the rule template that the audit log meets. Upon clicking the corresponding rule template, the details of the rule template will be displayed, including the basic information, the parameter settings, and the modification record. The value of the audit rule for the audit logs in the historical inventory is displayed as "-". The value of the audit rule for the audit logs that don't meet rules is displayed as "-". |
No. | SQL Statement Type | SQL Statement Mapping Object |
0 | OTHER | All other SQL statement types except the following |
1 | SELECT | SQLCOM_SELECT |
2 | INSERT | SQLCOM_INSERT, SQLCOM_INSERT_SELECT |
3 | UPDATE | SQLCOM_UPDATE, SQLCOM_UPDATE_MULTI |
4 | DELETE | SQLCOM_DELETE, SQLCOM_DELETE_MULTI, SQLCOM_TRUNCATE |
5 | CREATE | SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_CREATE_DB, SQLCOM_CREATE_FUNCTION, SQLCOM_CREATE_USER, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CREATE_VIEW, SQLCOM_CREATE_TRIGGER, SQLCOM_CREATE_SERVER, SQLCOM_CREATE_EVENT, SQLCOM_CREATE_ROLE, SQLCOM_CREATE_RESOURCE_GROUP, SQLCOM_CREATE_SRS |
6 | DROP | SQLCOM_DROP_TABLE, SQLCOM_DROP_INDEX, SQLCOM_DROP_DB, SQLCOM_DROP_FUNCTION, SQLCOM_DROP_USER, SQLCOM_DROP_PROCEDURE, SQLCOM_DROP_VIEW, SQLCOM_DROP_TRIGGER, SQLCOM_DROP_SERVER, SQLCOM_DROP_EVENT, SQLCOM_DROP_ROLE, SQLCOM_DROP_RESOURCE_GROUP, SQLCOM_DROP_SRS |
7 | ALTER | SQLCOM_ALTER_TABLE, SQLCOM_ALTER_DB, SQLCOM_ALTER_PROCEDURE, SQLCOM_ALTER_FUNCTION, SQLCOM_ALTER_TABLESPACE, SQLCOM_ALTER_SERVER, SQLCOM_ALTER_EVENT, SQLCOM_ALTER_USER, SQLCOM_ALTER_INSTANCE, SQLCOM_ALTER_USER_DEFAULT_ROLE, SQLCOM_ALTER_RESOURCE_GROUP |
8 | REPLACE | SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT |
9 | SET | SQLCOM_SET_OPTION, SQLCOM_RESET, SQLCOM_SET_PASSWORD, SQLCOM_SET_ROLE, SQLCOM_SET_RESOURCE_GROUP |
10 | EXECUTE | SQLCOM_EXECUTE |
11 | LOGIN | Database login is not subject to audit rules. |
12 | LOGOUT | Database logout is not subject to audit rules. |
13 | CHANGEUSER | User change is not subject to audit rules. |
Was this page helpful?