Database Auditing
다운로드
포커스 모드
폰트 크기
Note:
The Database Audit feature is currently available only for the Mainland China site. It is being gradually rolled out to international sites.
TDSQL Boundless provides Database Audit capabilities. It logs database access and SQL statement execution to help enterprises control risks and enhance data security levels.
Enabling SQL Audit
1. Log in to TDSQL Boundless console.
2. In the left sidebar, select Database Audit.
3. After a region is selected above, on the Audit Instance page, click Audit Log Storage Status and select the Disabled option to filter instances with audit not enabled.
4. Enable Database Audit.
Enable a single audit service: In the audit instance list, select the target instance and click Operation > Enable Database Audit.
Batch enable audit service: On the audit instance list page, select multiple target instances and click Enable Database Audit.
5. On the Enable Database Audit page, select audit instances, configure audit service settings, read and select the Tencent Cloud Terms of Service, and click OK.
Viewing Audit Logs
After audit is enabled, you can filter instances with audit enabled on the Audit Log page to view audit logs.
Tool | Description |
Refreshing | Click  |
Customize List Fields | Click  |
Download | Click  |
File List | Click  Currently, only Tencent Cloud private network addresses are provided for downloading log files. You can download files via a Tencent Cloud CVM instance in the same region. (For example, to download the audit logs of a database instance in the Beijing region, use a CVM instance in the Beijing region.) Log files are valid for 24 hours. You should download them promptly. The number of log files for each database instance should not exceed 30. You need to delete the log files after download. If the displayed status is Failed, there may be too many logs. You can narrow the time range to download log files in batches. |
Search Field Descriptions
Search Field | Matching Rule | Description |
Audit Instance | - | Select or switch to another audit instance with audit service enabled. |
Time Range | - | The default selection is the last 1 hour. You can quickly select other time ranges (last 3 hours, last 12 hours, last 24 hours, last 7 days). Custom time ranges are also supported. You can view the relevant audit logs within the selected time range. Note: The system supports displaying a maximum of the first 60,000 records that meet the criteria. |
SQL Details | Include -Or-Segment | Rule Description Enter SQL command details. Separate multiple keywords with line breaks. The SQL command details search box features a three-tiered matching mechanism: the first tier configures positive/negative matching modes (include, exclude); the second tier sets logical operators (OR, AND) between keywords; the third tier defines the matching pattern (segment, wildcard) for each keyword. Note: The search for SQL command details is case-insensitive. The system supports two positive/negative matching modes: "include" and "exclude". Keywords support "OR" and "and" logical operators; "Or" represents a union relationship between different keywords, while "and" represents an intersection relationship between different keywords. Each keyword supports "Segment" and "Wildcard" matching modes; "Segment" indicates exact matching for each keyword in SQL command details, while "Wildcard" allows fuzzy matching for each keyword in SQL command details. Example Description Assume the SQL command details are: SELECT * FROM test_db1 join test_db2 LIMIT 1; In "Include (Segment)" search mode, you can search using tokenized keywords such as "SELECT", "select * from", "*", "SELECT * FROM test_db1 join test_db2 LIMIT 1;", "from Test_DB1", but cannot search using wildcard keywords like "SEL", "sel", or "test". In the "Include (Wildcard)" search mode, you can search using wildcard keywords such as "SEL", "sel", "test", "DB". In the "Include (and)" search mode, multiple keywords are in an AND relationship; for example, entering keywords such as "SELECT" and "test_db" will retrieve all SQL commands containing both "SELECT" and "test_db". In the "Include (Or)" search mode, multiple keywords are in an OR relationship; for example, entering keywords such as "test_db1" or "test_db2" will retrieve all SQL commands containing either "test_db1" or "test_db2". |
| Include-and-Segment | |
| Exclude-and-Segment | |
| Include-Or-Wildcard | |
| Include-and-Wildcard | |
| Exclude-and-Wildcard | |
Client IP | Include Exclude Equal to Not equal to | Enter the client IP address. Separate multiple keywords with line breaks. The asterisk (*) can be used as a wildcard for filtering IP addresses. For example, if you search for client IP address: 10.223.23.2*, it matches IP addresses starting with 10.223.23.2. |
User Account | Include Exclude Equal to Not equal to | Enter the user account. Separate multiple keywords with line breaks. |
Database name | Include Exclude Equal to Not equal to | Enter the database name. Separate multiple keywords with line breaks. Note: The search for database names is case-insensitive. |
Returned Rows | Range format | Enter the number of returned rows in the format M-N, such as 10-100 or 20-200. Note: The returned rows field indicates the specific number of rows returned by the executed SQL. It is primarily used to assess the impact of SELECT-type SQL statements. |
Execution Time (s) | Range format | Enter the execution time in the format M-N, such as 10-100 or 20 -200. |
Lock Wait Time (s) | Range format | Enter the lock wait time in the format M-N, such as 10-100 or 20-200. |
Scanned Rows | Range format | Enter the number of scanned rows in the format M-N, such as 10-100 or 20-200. |
Thread ID | Include Exclude Equal to Not equal to | Enter the thread ID. Separate multiple keywords with line breaks. |
Transaction ID | Include Exclude Equal to Not equal to | Enter the transaction ID. Separate multiple keywords with line breaks. |
Affected Rows | Range format | Enter the number of affected rows in the format M-N, such as 10-100 or 20-200. |
피드백