SQL Explorer and Audit

更新时间:
复制 MD 格式

SQL Explorer and Audit gives you full visibility into SQL activity on your Database Autonomy Service (DAS) instance running ApsaraDB RDS for MySQL. Use it to retain a complete SQL audit trail, report on database activity and traffic patterns, and analyze performance issues and security threats — including SQL injection attacks and anomalous access sources.

In this topic:

Prerequisites

Before you begin, make sure you have:

  • An ApsaraDB RDS for MySQL instance

  • DAS Enterprise Edition activated for the instance

If DAS Enterprise Edition is already activated for your instance, SQL Explorer and Audit is enabled automatically. No additional steps are required. For details, see the "Enable DAS Enterprise Edition" section of Enable and manage DAS Economy Edition and DAS Enterprise Edition.

For supported databases, regions, and billing details, see DAS editions and supported features and Billing overview.

Enable SQL Explorer and Audit

  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Instance Monitoring.

  3. Find the instance you want to manage and click its instance ID.

  4. In the left-side navigation pane, choose Request Analysis > SQL Explorer and Audit.

  5. On the SQL Explorer and Audit page, click Enable. If DAS Enterprise Edition is not yet activated for your account, activate it as prompted. For details, see the "Enable DAS Enterprise Edition" section of Enable and manage DAS Economy Edition and DAS Enterprise Edition.

What SQL Explorer and Audit provides

After SQL Explorer and Audit is enabled, navigate to Request Analysis > SQL Explorer and Audit to access the following features:

FeatureWhat it does
SearchRetain a full audit trail: query and export SQL statements along with execution metadata — database name, request status, and execution duration. For details, see Search (Audit).
SQL ExplorerReport on database activity: diagnose SQL health, troubleshoot performance issues, and analyze business traffic patterns. For details, see SQL Explorer.
Security auditAnalyze security risks: automatically detect high-risk SQL statements, SQL injection attacks, and new access sources. For details, see Security audit.
Traffic playback and stress testingValidate capacity: replay production traffic against your instance to determine whether you need to scale up or scale out before peak hours. For details, see Traffic playback and stress testing.
SQL ReviewRun global workload analysis to identify suspicious SQL statements and get optimization suggestions. For details, see SQL Review.
Transaction analysisRetrieve transaction type, count, and details for a thread within a specified time range — useful for optimizing database performance at the transaction level. For details, see Transaction analysis.
Quick transaction analysisIdentify the start and end SQL statements of the transaction that contains a target SQL statement, and check its commit or rollback status. For details, see Quick transaction analysis.

Change the storage duration

Warning

Reducing the storage duration immediately deletes audit logs older than the new limit. Export your audit logs before reducing the storage duration.

The storage space used by SQL Explorer and Audit is provided by DAS and does not consume your database instance's storage.
  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Instance Monitoring.

  3. Find the instance you want to manage and click its instance ID.

  4. In the left-side navigation pane, choose Request Analysis > SQL Explorer and Audit.

  5. Click the SQL Explorer tab, then click Service Settings.

  6. In the panel that appears, update the storage duration and click Submit. If you have activated DAS Enterprise Edition V3, you can set the storage duration separately for each sub-feature.

You can also change the storage duration on the DAS Professional Edition Management page. For details, see Enable and manage DAS Economy Edition and DAS Enterprise Edition.

Disable SQL Explorer and Audit

Disabling SQL Explorer and Audit stops log collection and clears all stored audit logs. Your business is not affected.

Export your audit logs before disabling the feature.

Step 1: Export your audit logs

  1. Log on to the DAS console.

  2. In the left-side navigation pane, click Instance Monitoring.

  3. Find the instance you want to manage and click its instance ID.

  4. In the left-side navigation pane, choose Request Analysis > SQL Explorer and Audit.

  5. Click the Search tab.

  6. In the Logs section, click Export.

  7. In the dialog box, configure Exported Fields and Export Time Range, then click OK.

  8. Download the exported file. The download location depends on your DAS Enterprise Edition version:

    • Click View Exported Logs on the Search tab, then download the file.

    • Or, download the file from the Task list tab.

Step 2: Disable the feature

  1. Click Service Settings.

  2. In the panel that appears, disable SQL Explorer and Audit. If you have activated DAS Enterprise Edition V3, select all sub-features of SQL Explorer and Audit to disable them.

The storage space occupied by SQL Explorer and Audit is released one hour after the feature is disabled. If you re-enable the feature later, audit logs are collected from the re-enable point in time only.