tencent cloud

TencentDB for MySQL

Release Notes and Announcements
Release Notes
Product Announcements
User Tutorial
Product Introduction
Overview
Strengths
Use Cases
Database Architecture
Resource Isolation Policy
Economical Instance
Feature List
Database Instance
High Availability (Multi-AZ)
Regions and AZs
Service Regions and Service Providers
Kernel Features
Overview
Kernel Version Release Notes
Functionality Features
Performance Features
Security Features
Stability Features
TXRocks Engine
LibraDB Engine
Checking and Fixing Kernel Issues
Purchase Guide
Billing Overview
Selection Guide
Purchase Methods
Renewal
Payment Overdue
Refund
Pay-as-You-Go to Monthly Subscription
Instance Adjustment Fee
Backup Space Billing
Database Audit Billing Overview
Commercial Billing and Activity Description for Database Proxy
Description of the Database Proxy Billing Cycle
Viewing Bills
Getting Started
Overview
Creating MySQL Instance
Connecting to MySQL Instance
SQL Insight (Database Audit)
Overview
Viewing Audit Instance List
Enabling Audit Service
Viewing Audit Log
Log Shipping
Configuring Post-Event Alarms
Modifying Audit Rule
Modifying Audit Services
Disabling Audit Service
Audit Rule Template
SQL Audit Rule (Legacy)
Viewing Audit Task
Authorizing Sub-User to Use Database Audit
MySQL Cluster Edition
Introduction to TencentDB for MySQL Cluster Edition
Creating TencentDB for MySQL Cluster Edition Instance
Maintenance Management Instance
Viewing Instance Monitoring
Adjusting Instance Configuration
Operations for Other Features
Migrate or upgrade to TencentDB for MySQL Cluster Edition
Operation Guide
Use Limits
Operation Overview
Instance Management and Maintenance
Instance Upgrade
CPU Elastic Expansion
Read-Only/Disaster Recovery Instances
Database Proxy
Database Management Center (DMC)
Account Management
Parameter Configuration
Backup and Rollback
Data Migration
Network and Security
Monitoring and Alarms
Log Center
Read-Only Analysis Engine
Tag
Practical Tutorial
Using TencentDB for MySQL to Upgrade MySQL 5.7 to MySQL 8.0
Methods and Instructions for Upgrading from MySQL 5.6 to MySQL 5.7
Cybersecurity Classified Protection Practice for Database Audit of TencentDB for MySQL
Building All-Scenario High-Availability Architecture
Usage Specifications of TencentDB for MySQL
Configuring Automatic Application Reconnection
Impact of Modifying MySQL Source Instance Parameters
Limits on Automatic Conversion from MyISAM to InnoDB
Creating VPCs for TencentDB for MySQL
Enhancing Business Load Capacity with TencentDB for MySQL
Setting up 2-Region-3-DC Disaster Recovery Architecture
Improving TencentDB for MySQL Performance with Read/Write Separation
Migrating Data from InnoDB to RocksDB with DTS
Building LAMP Stack for Web Application
Building Drupal Website
Calling MySQL APIs in Python
The primary and secondary instances have inconsistent query data
White Paper
Performance White Paper
Security White Paper
Troubleshooting
Connections
Performance
Instance Data Sync Delay
Failure to Enable Case Insensitivity
Failure to Obtain slow_query_log_file via a Command
API Documentation
History
Introduction
API Category
Instance APIs
Making API Requests
Data Import APIs
Database Proxy APIs
Database Audit APIs
Security APIs
Task APIs
Backup APIs
Account APIs
Rollback APIs
Parameter APIs
Database APIs
Monitoring APIs
Log-related API
Data Types
Error Codes
FAQs
Related to Selection
Billing
Backup
Rollback
Connection and Login
Parameter Modifications
Instance Upgrade
Account Permissions
Performance and Memory
Ops
Data Migration
Features
Console Operations
Logs
Event
Database audit
Instance Switch Impact
API 2.0 to 3.0 Switch Guide
Service Agreement
Service Level Agreement
Terms of Service
Reference
Standards and Certifications
Contact Us
Glossary
DocumentationTencentDB for MySQLSQL Insight (Database Audit)Enabling Audit Service

Enabling Audit Service

PDF
Focus Mode
Font Size
Last updated: 2025-11-28 18:13:26
Tencent Cloud provides database audit capabilities for TencentDB for MySQL, which can record accesses to databases and executions of SQL statements to help you manage risks and improve the database security.

Prerequisite

You have created a MySQL instance. For more information, see Creating MySQL Instance.

Supported Versions and Architectures

Database audit currently supports database kernel versions MySQL 5.6 20180122 and later versions, MySQL 5.7 20190429 and later versions, and MySQL 8.0 20210330 and later versions.
The supported instance architectures include two-node, three-node, and Cluster Edition. Read-only instances are also supported for database audit.
TencentDB for MySQL 5.5 instances, TencentDB for MySQL single-node (cloud disk) instances, the read-only analysis engine, and two-node economical instances do not support database audit.

Directions

1. Log in to the TencentDB for MySQL console.
2. On the left sidebar, click Database Audit.
3. Select a region at the top, click the Audit Log Storage Status field on the Audit Instance page, and select Disabled to filter instances with the audit service disabled.
4. Find the target instance in the audit instance list, or search for it by resource attribute in the search box, and click Enable Database Audit in the Operation column.
Note:
You can batch enable the audit service for multiple target instances by selecting them in the audit instance list and clicking Enable Database Audit above the list.

5. On the page for enabling the audit service, sequentially complete the audit instance selection, audit type settings, audit service settings, and advanced performance analysis settings. Read and check the Tencent Cloud Service Agreement, then click OK.
5.1 Audit instance selection In the Select Audit Instance section, all instances selected in step 4 are selected by default. You can select other or more target instances in this window or search for target instances by instance ID/name in the search box. Then, set the audit rule.

5.2 Audit rule settings In the Audit Rule Settings section, select Full Audit or Rule-Based Audit. Their differences are as detailed below:
Parameter
Description
Full audit
Full audit records all database accesses and SQL statement executions.
Rule-based audit
Rule auditing will chronicle the access to the database and the execution of SQL statements, in accordance with the bespoke audit rules.

When the audit type is set to full audit
, there are two actual operational scenarios in the console, for which you may refer to the corresponding procedures.
Choose from existing rule templates or decide to create a new rule template. For detailed steps on creating a new template, please refer to Creating Rule Templates.
After completing the rule template configuration, proceed to the Audit Service Configuration step.
Note:
You may apply up to five rule templates, and the relationship between different rule templates is of 'or' nature.
The rule templates are intended for instances with 'Full Audit' type, serving the sole purpose of assigning risk levels and alert policies to audit logs that match the rules of the template. The audit logs that do not match the rules will still be preserved.
If you select Rule-Based Audit, you need to select Create rule or Select from rule templates. If you select an existing rule from rule templates, you can directly configure audit. If there are no appropriate rule templates, you can create a new one, refresh the page, and select it. For detailed directions, see Creating Rule Template.
Note:
You may apply up to five rule templates, with the relationship between different rule templates being "or".
Rule templates are targeted at instances with the audit type of "rule audit". They are used for retaining audit logs that hit the template rules, setting risk levels, and establishing alarm strategies. Audit logs that do not hit the rule content are no longer retained.
5.3 
Audit service settings
In the Configure Audit section, set Log Retention Period, Frequent Access Storage Period, and Infrequent Access Storage Period, read and indicate your content to the Tencent Cloud Terms of Service, and click OK.

Parameter
Description
Log Retention Period
The audit log retention period in days, which can be 7, 30, 90, 180, 365, 1,095, or 1,825 days.
Frequent Access Storage Period
Frequent access storage has the best query performance as it uses ultra-high-performance storage media. Audit data is initially stored in frequent access storage for the time period specified here, after which it is automatically transitioned to infrequent access storage. These two storage types only differ in performance but both support auditing. For example, if the log retention period is set to 30 days, and frequent access storage period is set to 7 days, then the infrequent access storage period will be 23 days by default.
5.4 Advanced performance analysis
SQL Analysis: TencentDB for DBbrain provides comprehensive capabilities for locating and analyzing database issues based on the database audit. It supports the localization of abnormal SQL queries, SQL template aggregation statistics, and multi-dimensional performance comparison. This option is enabled by default and can be manually disabled. Once the option is disabled, the SQL analysis capability is disabled.
Note:
The SQL analysis feature is currently in open beta and is available for a free trial. Once the beta phase concludes, TencentDB for DBbrain will officially introduce a commercial billing plan. You can refer to the official announcement for specific pricing details at that time. For more details about SQL analysis, see SQL Analysis (MySQL).
Previous Topic: Viewing Audit Instance ListNext Topic: Viewing Audit Log

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback