DataSunrise Achieves AWS DevOps Competency Status in AWS DevSecOps and Monitoring, Logging, Performance

This website stores cookies to collect information about how you interact with our website. To find out more visit our Privacy Policy.

YugabyteDB Audit Log

Introduction

In today’s data-driven world, maintaining security compliance and operational oversight is crucial. Robust audit logs help achieve this by tracking database activities. YugabyteDB offers built-in logging features, which you can further enhance with advanced monitoring solutions.

Native YugabyteDB Audit Capabilities

YSQL Audit Logging

YSQL uses the PostgreSQL Audit Extension v1.7 (pgaudit) to log detailed session and object events in YB-TServer logs. This integration enables comprehensive tracking of database operations.

How to Enable YSQL Audit Logging

  1. During Cluster Startup:
--ysql_pg_conf_csv="pgaudit.log='all, -misc',pgaudit.log_parameter=on,pgaudit.log_relation=on"
  1. For a Specific Session:
SET pgaudit.log='DDL';
SET pgaudit.log_client=ON;

After configuring, create the pgaudit extension with:

CREATE EXTENSION IF NOT EXISTS pgaudit;

Example: YSQL Audit Log Output

Here’s how YSQL audit logs may appear:

log_timeuserdatabasecommandobjectdetails
2025-02-16 14:32:45alicesalesdbDDLorders tableCREATE TABLE orders (id INT);
2025-02-16 15:01:12bobhrdbDMLemployeesUPDATE employees SET salary=5000;

For more details, visit YugabyteDB’s official YSQL audit logging documentation.

YCQL Audit Logging

YCQL provides its own audit logging system, capturing statements and events on each node through YB-TServer logs.

How to Enable YCQL Audit Logging

--ycql_enable_audit_log=true

Supported Audit Categories

  • QUERY: Logs SELECT operations
  • DML: Tracks INSERT, UPDATE, DELETE actions
  • DDL: Captures schema modifications
  • DCL: Monitors role and permission changes
  • AUTH: Records authentication events
  • PREPARE: Logs prepared statement usage

Example: YCQL Audit Log Output

log_timenodeclient_ipoperationkeyspacetabledetails
2025-02-16 13:45:23node1192.168.1.10QUERYecommerceproductsSELECT * FROM products WHERE category = 'electronics';
2025-02-16 14:15:50node3192.168.1.12DMLbankingaccountsINSERT INTO accounts (id, balance) VALUES (1, 1000);

Advanced Auditing with DataSunrise

While YugabyteDB’s native audit features provide strong monitoring, businesses with strict compliance needs can benefit from DataSunrise’s advanced auditing solution.

DataSunrise proxy managing multiple database connections
DataSunrise proxy managing multiple YugabyteDB connections

Key Features of DataSunrise

DataSunrise delivers real-time database activity monitoring by tracking queries, sessions, and performance metrics within a unified framework. Additionally, it enhances security through:

How to Set Up DataSunrise for YugabyteDB

  1. Create a Database Profile
    Configure connection parameters, enable proxy mode, and set security options for your YugabyteDB instance.

    DataSunrise Database instance connection
    DataSunrise Database connection settings for YugabyteDB instance

  2. Define Audit Rules
    Set monitoring parameters, alert conditions, logging settings, and data retention policies.

    DataSunrise Audit Rule Advanced Filters
    Audit rule creation with advanced filters in DataSunrise

  3. Implement Real-Time Monitoring
    Track query patterns, analyze performance, and detect security threats.

    DataSunrise Performance Monitoring
    DataSunrise performance dashboard for YugabyteDB queries

Conclusion

To achieve effective auditing in YugabyteDB, leverage built-in logging for essential tracking and integrate advanced solutions like DataSunrise for comprehensive security and compliance. This combination ensures robust monitoring with minimal performance impact.

For further guidance on securing and monitoring YugabyteDB, check out the official security documentation or explore DataSunrise’s deployment options.

Interested in DataSunrise’s powerful database security features? Book your personal online demo today.

Next

YugabyteDB Audit Tools

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Sales:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]