Lindorm records SQL operations as audit logs, letting you search and filter SQL activity by time range, user, database, and other dimensions.
Prerequisites
Before you begin, ensure that you have:
LindormTSDB database engine version 3.4.25 or later
To check or upgrade your current version, see LindormTSDB version guide and Minor version update.
Audit log types
Lindorm captures three categories of SQL operations:
| Category | Full name | Recorded statements | Excluded statements |
|---|---|---|---|
| DDL | Data Definition Language | CREATE DATABASE, CREATE TABLE, ALTER TABLE, DROP TABLE | — |
| DML | Data Manipulation Language | SELECT, DELETE | INSERT |
| DCL | Data Control Language | GRANT, REVOKE | — |
INSERT operations are excluded from DML audit logs. Design your audit strategy with this boundary in mind.
Audit log retention period
The default log retention period is 180 days. Logs are automatically deleted when the retention period ends.
To change the retention period, see How to change the data retention period.
View audit logs
Log on to the Lindorm console. In the upper-left corner, select the region of the instance. On the Instances page, click the instance ID or click View Instance Details in the Actions column.
In the left navigation pane, click Time Series Engine, then click Audit Logs. For query syntax and analysis options, see View and analyze logs.
Audit log fields
Each audit log entry contains the following fields:
| Field | Description |
|---|---|
content | The content of the request, such as a specific SQL statement |
database | The name of the database |
instance_id | The ID of the Lindorm instance |
ip | The IP address of the client |
method | The request method |
requestId | The request ID |
requestTimeMs | The response time, in milliseconds (ms) |
status | The status code |
uri | The URL of the request |
userAgent | The user agent of the client |
userName | The username that initiated the request |