SQL audit

The SQL audit feature is designed to help you quickly identify SQL statements that may have potential issues, and enhance security audit capability. This feature supports querying SQL statements by user, IP address, or operation type, and also supports exporting query results. This topic introduces the specific operation steps for you.

Considerations

SQL audit is a paid feature. The fees vary by cloud vendor, region, and billing item. For details, see SQL audit billing.

Enable SQL audit

1. Log in to the OceanBase Cloud console.

2. In the left-side navigation pane, click Instances.

3. In the instance list, find the target instance, click the instance name, and go to the Overview page of the instance.

4. In the left-side navigation pane, click Diagnostics, and then select the Real-Time Diagnostics tab on the Diagnostics page.

5. In the lower part of the page, click the SQL Audit tab.

6. Select a tenant in the middle part of the page.

7. On the SQL Audit tab, click Enable SQL Audit.

8. Configure Open Object in the pop-up window. After you select this option, SQL audit is enabled for all tenants in the instance.

9. In the pop-up window, configure the SQL audit push settings and then click Enable:

   • OB Cloud | Parameter | Description | |----------|-----------------------------------------------| | Total Storage Duration | SQL execution records can be stored for 7 to 720 days. Records exceeding the set time will be deleted. | | Hot Storage Duration | After the hot storage duration is exceeded, SQL execution records will be automatically stored in cold storage. |

   • Alibaba Cloud SLS | Parameter | Description | |----------|-----------------------------------------------| | Project | The name of the SLS project. | | Logstore | The name of the SLS logstore. | | AccessKey ID | The ID of the SLS access key, which is used to identify the user. | | AccessKey Secret | The key used to encrypt the signature string and verify the signature string. This key must be kept confidential. |

View and download SQL audit records

1. On the SQL Audit tab, click Expand.

2. Filter the SQL audit records by filter items, which are optional.

   Filter item	Description
   Database	Select one or more databases in the tenant to view.
   Node	Select one or more nodes to view.
   Keyword	Enter the keywords that may exist in the SQL statements to view. You can enter multiple keywords, and the keywords are connected by AND or OR.
   Username	Enter the name of one or more tenants to view.
   Operation Type	Select one or more operation types to view.
   Client IP	Enter the IP address of the client to view.
   Scanned Records	Enter the number of scanned records to view.
   Execution Duration (ms)	Enter the execution time range of the SQL statements.
   Time Range	Select the time range in which the SQL statements are executed. The time range cannot exceed 6 hours.

3. View the following information in the query results: SQL Statement, Database, User, Client IP, Operation Type, Execution Result, Request Time, Execution Duration (ms), Scanned Rows, and Updated Rows.

4. Click the download icon on the right side to download the query results.

   Note

   Currently, a maximum of 100 audit records can be downloaded. If the number of audit records exceeds 100, only the first 100 records will be downloaded in the order of page sorting.

Modify SQL audit settings

1. On the SQL Audit tab, click Service Settings.

2. Modify the related parameter settings in the pop-up window and click OK.

Disable SQL audit

1. On the SQL Audit tab, click Disable Service.

2. Enter close in the text box of the pop-up window and click Close.