Instance Region | Audit log storage region |
Tianjin | Beijing |
Taipei (China) | Hong Kong (China) |
Shenzhen | Guangzhou |
Search Item | Match Item | Description |
SQL Command Details | Include - Or - Tokenize | Rule Description Enter SQL Command Details, separating multiple keywords with line breaks. The SQL Command Details search box matches on three levels: The first level sets the match mode (inclusive or exclusive); The second level sets the logical relationship between keywords (OR, AND); The third level sets the match mode for each keyword (tokenization, wildcard). Note: SQL Command Details search is case-insensitive. Supports two match modes: "Inclusive" and "Exclusive". Keywords support two logical matches, "OR" and "AND". "OR" represents a "union" relationship between different keywords, while "AND" represents an "intersection" relationship. Each keyword supports "tokenization" and "wildcard" match modes. "Tokenization" means each keyword in the SQL Command Details needs to be exactly matched, while "wildcard" means each keyword in the SQL Command Details can be fuzzily matched. Example Description Assume the SQL Command Details are as follows: SELECT * FROM test_db1 JOIN test_db2 LIMIT 1; Under the "Inclusive (Tokenization)" search mode, you can search using tokenized keywords such as "SELECT", "select * from", "*", "SELECT * FROM test_db1 join test_db2 LIMIT 1;", "from Test_DB1", etc. However, wildcard keywords such as "SEL", "sel", "test", etc., cannot be used for search. Under the "Inclusive (Wildcard)" search mode, you can perform searches using wildcard keywords like "SEL", "sel", "test", and "DB". Under the "Inclusive (AND)" search mode, there is an "AND" relationship between multiple keywords. That is to say, entering keywords such as "SELECT", "test_db" will retrieve all SQL commands that include both "SELECT" and "test_db". Under the "Inclusive (OR)" search mode, there exists an "OR" relationship between multiple keywords. In other words, inputting "test_db1" or "test_db2" will yield all SQL commands that either include "test_db1" or "test_db2". |
| Include - AND - Segmentation | |
| Exclude - AND - Segmentation | |
| Include - OR - Wildcard | |
| Include - AND - Wildcard | |
| Exclude - AND - Wildcard | |
Client IP | Include
Exclude
Equal to
Not equal to | Enter the client IP, separate multiple keywords with a new line; IP addresses can be filtered using * as a condition. For example, searching client IP: 9.223.23.2* will match IP addresses beginning with 9.223.23.2. |
User Account | Include
Exclude
Equal to
Not equal to | Enter the user account, separating multiple keywords with a new line. |
Database Name | Include
Exclude
Equal to
Not equal to | Enter the database name, separating multiple keywords with a new line. Note: The database name search is case-insensitive. |
Table Name | Equal to
Not equal to | Input the table name, and the table name search are described as follows: Case-insensitive. The search format is DbName.TableName. For example: If the database test_db contains the table test_table, to search for table test_table, you need to input: the table name equals to test_db.test_table. Note: A maximum of 64 table names can be recorded. Only MySQL 8.0.30 20230630 and later versions support the "Table Name" field. If you require activation, submit a ticket to obtain a solution. |
SQL Type | Equal to
Not equal to | Select from the drop-down list the SQL types (ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE). Multiple selections are allowed. |
Error Code | Equal to
Not equal to | Enter the error code. Separate multiple keywords with a line break. |
Execution time (Millisecond) | Interval Format | Enter the execution time in the format of M-N, such as 10-100 or 20-200. |
Lock wait time (μs) | Interval Format | Enter the lock wait time in the format of M-N, such as 10-100 or 20-200. |
IO wait time (μs) | Interval Format | Enter the IO wait time in the format of M-N, like 10-100 or 20-200. |
Transaction duration (μs) | Interval Format | Enter the transaction duration in the format of M-N, like 10-100 or 20-200. |
CPU time (μs) | Interval Format | Input the CPU time in the format M-N, for example, 10-100 or 20-200. |
Risk Level | Include
Exclude | Select low risk, medium risk, or high risk to filter the audit logs set by the risk level of the matched rule template. Support is also available for blank inputs, which means filtering audit logs without a risk level TAG from historical data. |
Thread ID | Equal to Not equal to | Enter the Thread ID, separate multiple keywords using a line break. |
Transaction ID | Equal to
Not equal to | Enter the transaction ID, and use a line break to separate multiple keywords. Note: Only MySQL 8.0.30 20230630 and later versions support the "Transaction ID" field. |
Number of scanned rows | Interval Format | Enter the number of lines to be scanned in an M-N format, for example, 10-100 or 20-200. |
Number of affected rows | Interval Format | Enter the number of affected rows in an M-N format, such as 10-100 or 20-200. |
Number of returned rows | Interval Format | Enter the number of rows returned in the format M-N, such as 10-100 or 20-200. |
Audit Rule | Include
Exclude | Displays the Template ID and Template Name of all rule templates in a certain region. You can filter out the audit logs that match this rule template. It accepts blank input, indicative of filtering out audit logs without any audit rule TAG from historical data, and the full audit logs that did not hit any rules. Enables search operations based on Rule Template ID and Rule Template Name for audit rules. Allows selection of multiple rule templates at the same time. |
SELECT
commands.Failed
, there may be too many logs. You can download them in batches by narrowing down the time range.No. | Field | Remarks | |
1 | Time | - | |
2 | Risk Level | Divided into low risk, medium risk, and high risk. For comprehensive audit, logs that do not hit the audit rules will have their risk level displayed as "-". | |
3 | Client IP | - | |
4 | Database Name | - | |
5 | Table Name | A maximum of 64 table names can be recorded. | |
6 | User Account | - | |
7 | SQL Type | - | |
8 | SQL Details | - | |
9 | Error Code | 0 means success | |
10 | Thread ID | - | |
11 | Transaction ID | - | |
12 | Scanned Rows | - | |
13 | Returned Rows | - | |
14 | Affected Rows | - | |
15 | Execution Time (Millisecond) | - | |
16 | CPU Time (μs) | - | |
17 | Lock Wait Time (μs) | - | |
18 | IO Wait Time (μs) | - | |
19 | Transaction Duration (μs) | - | |
20 | Policy Name | - | |
21 | Audit Rule | This displays the rule template that the audit log has hit. By clicking on the corresponding rule template, you can see the specific details of the rule template, including basic information, parameter settings, and modification history. For historical audit logs, the value of the audit rule is displayed as "-". For full audit logs that haven't hit any rules, the value of the audit rule will be displayed as "-". | |
No. | SQL Statement Type | SQL Statement Mapping Object |
0 | OTHER | All other SQL statement types except the following |
1 | SELECT | SQLCOM_SELECT |
2 | INSERT | SQLCOM_INSERT, SQLCOM_INSERT_SELECT |
3 | UPDATE | SQLCOM_UPDATE, SQLCOM_UPDATE_MULTI |
4 | DELETE | SQLCOM_DELETE, SQLCOM_DELETE_MULTI, SQLCOM_TRUNCATE |
5 | CREATE | SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_CREATE_DB, SQLCOM_CREATE_FUNCTION, SQLCOM_CREATE_USER, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CREATE_VIEW, SQLCOM_CREATE_TRIGGER, SQLCOM_CREATE_SERVER, SQLCOM_CREATE_EVENT, SQLCOM_CREATE_ROLE, SQLCOM_CREATE_RESOURCE_GROUP, SQLCOM_CREATE_SRS |
6 | DROP | SQLCOM_DROP_TABLE, SQLCOM_DROP_INDEX, SQLCOM_DROP_DB, SQLCOM_DROP_FUNCTION, SQLCOM_DROP_USER, SQLCOM_DROP_PROCEDURE, SQLCOM_DROP_VIEW, SQLCOM_DROP_TRIGGER, SQLCOM_DROP_SERVER, SQLCOM_DROP_EVENT, SQLCOM_DROP_ROLE, SQLCOM_DROP_RESOURCE_GROUP, SQLCOM_DROP_SRS |
7 | ALTER | SQLCOM_ALTER_TABLE, SQLCOM_ALTER_DB, SQLCOM_ALTER_PROCEDURE, SQLCOM_ALTER_FUNCTION, SQLCOM_ALTER_TABLESPACE, SQLCOM_ALTER_SERVER, SQLCOM_ALTER_EVENT, SQLCOM_ALTER_USER, SQLCOM_ALTER_INSTANCE, SQLCOM_ALTER_USER_DEFAULT_ROLE, SQLCOM_ALTER_RESOURCE_GROUP |
8 | REPLACE | SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT |
9 | SET | SQLCOM_SET_OPTION, SQLCOM_RESET, SQLCOM_SET_PASSWORD, SQLCOM_SET_ROLE, SQLCOM_SET_RESOURCE_GROUP |
10 | EXECUTE | SQLCOM_EXECUTE |
11 | LOGIN | Database login is not subject to audit rules. |
12 | LOGOUT | Database logout is not subject to audit rules. |
13 | CHANGEUSER | User change is not subject to audit rules. |
Was this page helpful?