Commit d147277

Create serverless-audit-logging.md
1 parent 3c4f6df commit d147277

1 file changed, with 53 additions and 0 deletions.

@@ -0,0 +1,53 @@
1+
---
2+
title: TiDB Cloud Serverless Database Audit Loging
3+
summary: Learn about how to audit a serverless cluster in TiDB Cloud.
4+
---
5+
6+
# TiDB Cloud Serverless Database Audit Loging
7+
8+
TiDB Cloud Serverless provides you with a database audit logging feature to record a history of user access details (such as any SQL statements executed) in logs.
9+
10+
> **Note:**
11+
>
12+
> Currently, the database audit logging feature is only available upon request. To request this feature, click **?** in the lower-right corner of the [TiDB Cloud console](https://tidbcloud.com) and click **Request Support**. Then, fill in "Apply for TiDB Cloud Serverless database audit logging" in the **Description** field and click **Submit**.
13+
14+
To assess the effectiveness of user access policies and other information security measures of your organization, it is a security best practice to conduct a periodic analysis of the database audit logs.
15+
16+
The audit logging feature is disabled by default. To audit a cluster, you need to enable the audit logging.
17+
18+
## Enable audit logging
19+
20+
Use the [TiDB Cloud CLI](/tidb-cloud/cli-reference.md) to enable the audit logging feature for a TiDB Cloud Serverless cluster.
21+
22+
```shell
23+
ticloud serverless audit-log enable --cluster-id <cluster-id>
24+
```
25+
26+
To disable the audit logging for a TiDB Cloud Serverless cluster, using the [TiDB Cloud CLI](/tidb-cloud/cli-reference.md)
27+
28+
```shell
29+
ticloud serverless audit-log disable --cluster-id <cluster-id>
30+
```
31+
32+
33+
## Configure audit logging
34+
35+
### Redacted
36+
37+
TiDB Cloud Serverless redacts sensitive data in the audit logs by default. For example, the following SQL statement:
38+
39+
```sql
40+
INSERT INTO `test`.`users` (`id`, `name`, `password`) VALUES (1, 'Alice', '123456');
41+
```
42+
43+
is redacted as follows:
44+
45+
```sql
46+
INSERT INTO `test`.`users` (`id`, `name`, `password`) VALUES ( ... );
47+
```
48+
49+
If you want to disable the redaction, using the [TiDB Cloud CLI](/tidb-cloud/cli-reference.md)
50+
51+
```shell
52+
ticloud serverless audit-log config --cluster-id <cluster-id> --unredacted
53+
```
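
Review bot: The "Configure audit logging" section at the end of the hunk introduces `--unredacted` without stating that, with redaction off, literals such as the `'123456'` password in the example INSERT are recorded in the audit log, and without showing how to switch redaction back on; add a note on that exposure and the command that restores the default. In addition, "Loging" in the front matter `title` and in the H1 should read "Logging", and the sentences that introduce the `audit-log disable` and `audit-log config` commands ("..., using the [TiDB Cloud CLI](/tidb-cloud/cli-reference.md)") have no main verb or closing punctuation. The page also never says where the audit logs are stored or how to read them, which the periodic-analysis recommendation depends on.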
