DocsICP FilingConsole
官方文档
首页

RDS SQL Server SQL Explorer and Audit

更新时间:
复制 MD 格式
产品详情
我的收藏

In scenarios such as security compliance audits, performance analysis, and troubleshooting, enable SQL Explorer and Audit. After enabling, the system automatically records SQL changes executed in the database kernel and related information (such as execution account, IP address, execution details, etc.). Enabling and using this feature has minimal impact on instance performance and provides reliable data support for querying historical SQL change records and conducting analysis and audits.

Notes

  • Log completeness: In the following extreme scenarios, SQL Explorer and Audit logs may be incomplete or partially lost:

    • The instance load is high, causing performance bottlenecks.

    • The number of SQL requests generated per unit time is very large.

    • The control service component responsible for audit log collection runs abnormally.

Feature overview

  • Audit: Query and export execution records of historical SQL statements, including the associated database, execution status, running time, and other related information.

  • SQL Explorer: Provides SQL health diagnostics, performance issue troubleshooting, and service traffic analysis.

Prerequisites

Billing Details

After enabling SQL Explorer and Audit, the original SQL Audit (Database Audit) stops billing. SQL Explorer and Audit is billed under DAS Enterprise Edition.

Enable SQL Explorer and Audit

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit.

  3. Click Enable Audit Log, select the features to enable, then click Submit.

    The service activation page has two sections: Audit Scenario and Explorer Scenario. The Audit Scenario includes SQL Logs (captures full SQL details and supports long-term cold storage; you can set the storage duration) and Log Indexing (improves SQL detail retrieval speed from offline to real-time using hot storage; you can set the hot storage duration). The Explorer Scenario includes SQL Explorer (provides global SQL load analysis, abnormal SQL detection, automatic SQL optimization, traffic playback and stress testing, automatic parameter adjustment, and more) and Security Audit (provides audit alerts, audit policy management, anomaly alerts, system whitelist, and other features). Select the required options and click Submit to complete activation.

  4. After activation completes, click OK in the pop-up window.

Use SQL Explorer and Audit

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit. Use the Audit and SQL Explorer features as needed.

  3. (Available only for Cluster Edition) Select the node to view: You can filter SQL across all nodes in a cluster instance or filter SQL for a specific primary or secondary node. On the Audit tab, use the Select Node drop-down list to filter by All Node IDs, Primary Node, or Secondary Node to view corresponding audit logs. You can also filter logs in the Set Query Conditions section by query mode, time range, keyword, and other criteria.

Modify SQL Explorer and Audit data storage duration

Warning

After reducing the SQL Explorer and Audit data storage duration, DAS immediately deletes SQL audit logs that exceed the new storage duration. Export and save your SQL audit logs locally before reducing the storage duration.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit.

  3. Click Service Settings.

  4. On the Full Logs page, modify the storage duration and click Submit.

    Note

    The storage space for SQL Explorer and Audit data is provided by DAS and does not consume storage space on the database instance.

Disable SQL Explorer and Audit

Warning

After disabling SQL Explorer and Audit, all SQL Explorer and Audit logs are deleted. Export and save your logs locally before disabling the feature. When you re-enable SQL Explorer and Audit, logging resumes from the time of re-enabling.

  1. Go to the Instances page. In the top navigation bar, select the region in which the RDS instance resides. Then, find the RDS instance and click the ID of the instance.

  2. In the navigation pane on the left, choose Autonomy Services > SQL Explorer and Audit.

  3. In the Logs section, click Export.

    Select export fields and time range. For SQL Explorer and Audit using hybrid storage of hot and cold data, select a CSV separator when exporting data.

  4. Configure the export task. After export completes, click Task list, download the exported file, and store it securely.

  5. Click Service Settings to disable SQL Explorer and Audit. Clear all selected features and click Submit.

    Important

    Approximately 1 hour after disabling SQL Explorer and Audit, the system releases the storage space used by the data.

FAQ

  • Q: How do I view logs of executed SQL in my SQL Server database? I want to see historical SQL execution records.

  • A: If your RDS instance has SQL Explorer and Audit enabled, use the Audit feature to view and export SQL execution records directly. If the feature is not enabled, you cannot retrieve historical SQL records directly. However, you can restore data to a specific point in time and compare SQL changes across different points to analyze modifications.

    Note

    To better support future SQL analysis and auditing, enable SQL Explorer and Audit as soon as possible. This ensures continuous recording of SQL execution details and provides reliable data for future analysis.

Previous:Monitoring dashboardsNext:Monitoring and alerts