Search Item | Operator | Description |
SQL Details | Include-OR-Segment | Rule Description Enter the details of the SQL command and separate multiple keywords by line break. The match items in the SQL command details search box are divided into three levels. The first level sets the forward and reverse matching modes (Include, Exclude); the second level sets the logical relationship between keywords (OR, AND); the third level sets each keyword matching mode (Segment, Wildcard). Note: The search of SQL command details is case-insensitive. Include and Exclude match modes are supported. Keywords support "OR" and "AND" logical match. "OR" means a "union" relationship between different keywords, and "AND" means an "intersection" relationship between different keywords. Each keyword supports two match modes: "segment" and "wildcard". "Segment" means that each keyword in the SQL command details needs to be accurately matched, and "wildcard" means that fuzzy match is supported for each keyword in the SQL command details. Example For example, if the SQL command details are SELECT * FROM test_db1 join test_db2 LIMIT 1; ,In the "Include (segment)" search mode, you can search by segment keywords such as "SELECT", "select from", "", "SELECT * FROM test_db LIMIT 1;", "from Test_DB". However, you can't search by wildcard keywords such as "SEL", "sel", and "test". In the "Include (wildcard)" search mode, you can't search by wildcard keywords such as "SEL", "sel", "test", and "DB". In the "Include (AND)" search mode, multiple keywords are in an "AND" relationship, which means you can query all SQL commands containing "SELECT" and "test_db" by entering keywords such as "SELECT" and "test_db". In the "Include (OR)" search mode, multiple keywords are in an "OR" relationship, which means you can query all SQL commands containing "test_db1" and "test_db2" by entering keywords such as "test_db1" and "test_db2". |
| Include-AND-Segment | |
| Exclude-AND-Segment | |
| Include-OR-Wildcard | |
| Include-AND-Wildcard | |
| Exclude-AND-Wildcard | |
Client IP | Include
Exclude
Equal to
Not equal to | You can filter client IP addresses by using the wildcard "" and separate them by line break. For example, if you enter "client IP: 9.223.23.2", IP addresses that start with "9.223.23.2" will be searched. |
User Account | Include
Exclude
Equal to
Not equal to | Enter a user account and separate multiple keywords by line break. |
Database Name | Include
Exclude
Equal to
Not equal to | Enter a database name and separate multiple keywords by line break. Note: The search of database name is case-insensitive. |
SQL Type | Equal to
Not equal to | Pull down the list to select a SQL type (ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGOUT, OTHER, REPLACE, SELECT, SET, UPDATE). You can select multiple types. |
Error Code | Equal to
Not equal to | Enter an error code and separate multiple keywords by line break. |
Audit Rule | Include
Exclude | Displays the template IDs and names of all the rule templates in a certain region. You can filter audit logs that match this rule template based on the rule template. Supports input as null, indicating the filtration of all the audit logs without audit rule tags in the historical inventory and the full audit logs that don't meet rules. Supports the search for audit rules according to rule template ID and name. Supports the selection of multiple rule templates at the same time. |
Execution Time (μs) | Range format | Enter an execution time in the format of M-N, such as 10-100 or 20-200. |
Lock Wait Time (μs) | Range format | Enter a lock wait time in the format of M-N, such as 10-100 or 20-200. |
IO Wait Time (μs) | Range format | Enter an IO wait time in the format of M-N, such as 10-100 or 20-200. |
Transaction Duration (μs) | Range format | Enter a transaction duration in the format of M-N, such as 10-100 or 20-200. |
CPU Time (μs) | Range format | Enter a CPU time in the format of M-N, such as 10-100 or 20-200. |
Thread ID | Equal to Not equal to | Enter a thread ID and separate multiple keywords by line break. |
Scanned Rows | Range format | Enter a range of scanned rows in the format of M-N, such as 10-100 or 20-200. |
Affected Rows | Range format | Enter a range of affected rows in the format of M-N, such as 10-100 or 20-200. |
Returned Rows | Range format | Enter a range of returned rows returned in the format of M-N, such as 10-100 or 20-200. |
Risk Level | Include
Exclude | Select low risk, medium risk, or high risk to filter audit logs that meet the risk level settings of rule templates. Also supports input as null, indicating the filtration of audit logs without risk level tags in the historical inventory. |
SELECT
commands.Failed
, there may be too many logs. You can download them in batches by narrowing down the time range.No. | Field | Remarks |
1 | Time | - |
2 | Risk Level | It is classified into low risk, medium risk, and high risk. For Full Audit, the risk level will be displayed as "-" for logs that do not meet the audit rules. |
3 | Client IP | - |
4 | Database Name | - |
5 | User Account | - |
6 | SQL Type | - |
7 | SQL Details | - |
8 | Error Code | 0 means success |
9 | Thread ID | - |
10 | Scanned Rows | - |
11 | Returned Rows | - |
12 | Affected Rows | - |
13 | Execution Time (μs) | - |
14 | CPU Time (μs) | - |
15 | Lock Wait Time (μs) | - |
16 | IO Wait Time (μs) | - |
17 | Transaction Duration (μs) | - |
18 | Policy Name | - |
19 | Audit Rule | It displays the rule template that the audit log meets. Upon clicking the corresponding rule template, the details of the rule template will be displayed, including the basic information, the parameter settings, and the modification record. The value of the audit rule for the audit logs in the historical inventory is displayed as "-". The value of the audit rule for the audit logs that don't meet rules is displayed as "-". |
No. | SQL Statement Type | SQL Statement Mapping Object |
0 | OTHER | All other SQL statement types except the following |
1 | SELECT | SQLCOM_SELECT |
2 | INSERT | SQLCOM_INSERT, SQLCOM_INSERT_SELECT |
3 | UPDATE | SQLCOM_UPDATE, SQLCOM_UPDATE_MULTI |
4 | DELETE | SQLCOM_DELETE, SQLCOM_DELETE_MULTI, SQLCOM_TRUNCATE |
5 | CREATE | SQLCOM_CREATE_TABLE, SQLCOM_CREATE_INDEX, SQLCOM_CREATE_DB, SQLCOM_CREATE_FUNCTION, SQLCOM_CREATE_USER, SQLCOM_CREATE_PROCEDURE, SQLCOM_CREATE_SPFUNCTION, SQLCOM_CREATE_VIEW, SQLCOM_CREATE_TRIGGER, SQLCOM_CREATE_SERVER, SQLCOM_CREATE_EVENT, SQLCOM_CREATE_ROLE, SQLCOM_CREATE_RESOURCE_GROUP, SQLCOM_CREATE_SRS |
6 | DROP | SQLCOM_DROP_TABLE, SQLCOM_DROP_INDEX, SQLCOM_DROP_DB, SQLCOM_DROP_FUNCTION, SQLCOM_DROP_USER, SQLCOM_DROP_PROCEDURE, SQLCOM_DROP_VIEW, SQLCOM_DROP_TRIGGER, SQLCOM_DROP_SERVER, SQLCOM_DROP_EVENT, SQLCOM_DROP_ROLE, SQLCOM_DROP_RESOURCE_GROUP, SQLCOM_DROP_SRS |
7 | ALTER | SQLCOM_ALTER_TABLE, SQLCOM_ALTER_DB, SQLCOM_ALTER_PROCEDURE, SQLCOM_ALTER_FUNCTION, SQLCOM_ALTER_TABLESPACE, SQLCOM_ALTER_SERVER, SQLCOM_ALTER_EVENT, SQLCOM_ALTER_USER, SQLCOM_ALTER_INSTANCE, SQLCOM_ALTER_USER_DEFAULT_ROLE, SQLCOM_ALTER_RESOURCE_GROUP |
8 | REPLACE | SQLCOM_REPLACE, SQLCOM_REPLACE_SELECT |
9 | SET | SQLCOM_SET_OPTION, SQLCOM_RESET, SQLCOM_SET_PASSWORD, SQLCOM_SET_ROLE, SQLCOM_SET_RESOURCE_GROUP |
10 | EXECUTE | SQLCOM_EXECUTE |
11 | LOGIN | Database login is not subject to audit rules. |
12 | LOGOUT | Database logout is not subject to audit rules. |
13 | CHANGEUSER | User change is not subject to audit rules. |
Was this page helpful?