YugabyteDB Audit Log

Introduction

In today’s data-driven world, maintaining security compliance and operational oversight is crucial. Robust audit logs help achieve this by tracking database activities. YugabyteDB offers built-in logging features, which you can further enhance with advanced monitoring solutions.

Native YugabyteDB Audit Capabilities

YSQL Audit Logging

YSQL uses the PostgreSQL Audit Extension v1.7 (pgaudit) to log detailed session and object events in YB-TServer logs. This integration enables comprehensive tracking of database operations.

How to Enable YSQL Audit Logging

1. During Cluster Startup:

--ysql_pg_conf_csv="pgaudit.log='all, -misc',pgaudit.log_parameter=on,pgaudit.log_relation=on"

2. For a Specific Session:

SET pgaudit.log='DDL';
SET pgaudit.log_client=ON;

After configuring, create the pgaudit extension with:

CREATE EXTENSION IF NOT EXISTS pgaudit;

Example: YSQL Audit Log Output

Here’s how YSQL audit logs may appear:

For more details, visit YugabyteDB’s official YSQL audit logging documentation.

YCQL Audit Logging

YCQL provides its own audit logging system, capturing statements and events on each node through YB-TServer logs.

How to Enable YCQL Audit Logging

--ycql_enable_audit_log=true

Supported Audit Categories

• QUERY: Logs SELECT operations
• DML: Tracks INSERT, UPDATE, DELETE actions
• DDL: Captures schema modifications
• DCL: Monitors role and permission changes
• AUTH: Records authentication events
• PREPARE: Logs prepared statement usage

Example: YCQL Audit Log Output

Advanced Auditing with DataSunrise

While YugabyteDB’s native audit features provide strong monitoring, businesses with strict compliance needs can benefit from DataSunrise’s advanced auditing solution.

Key Features of DataSunrise

DataSunrise delivers real-time database activity monitoring by tracking queries, sessions, and performance metrics within a unified framework. Additionally, it enhances security through:

• Dynamic data masking
• Granular access controls
• Proactive threat detection
• Behavioral analytics

How to Set Up DataSunrise for YugabyteDB

1. Create a Database Profile
   Configure connection parameters, enable proxy mode, and set security options for your YugabyteDB instance.

   

2. Define Audit Rules
   Set monitoring parameters, alert conditions, logging settings, and data retention policies.

   

3. Implement Real-Time Monitoring
   Track query patterns, analyze performance, and detect security threats.

   

Conclusion

To achieve effective auditing in YugabyteDB, leverage built-in logging for essential tracking and integrate advanced solutions like DataSunrise for comprehensive security and compliance. This combination ensures robust monitoring with minimal performance impact.

For further guidance on securing and monitoring YugabyteDB, check out the official security documentation or explore DataSunrise’s deployment options.

Interested in DataSunrise’s powerful database security features? Book your personal online demo today.