ScyllaDB Data Activity History

ScyllaDB offers robust auditing capabilities to monitor and record data activity history across its clusters. By leveraging both native ScyllaDB features and third-party tools like DataSunrise, administrators can achieve detailed insights into database activity. This article explores ScyllaDB’s native data auditing capabilities and provides a brief overview of DataSunrise’s extended auditing features for ScyllaDB.

Native ScyllaDB Data Activity History

What Is Native Data Auditing in ScyllaDB?

Native data auditing in ScyllaDB allows administrators to track activities such as queries, data modifications, and user logins. Available in Scylla Enterprise, this feature ensures compliance, enhances security, and provides transparency into database operations.

Key Features of ScyllaDB Native Auditing

• Auditing Categories: Includes DML (Data Manipulation), DDL (Data Definition), DCL (Data Control), AUTH (Authentication), and QUERY (All Queries).
• Configurable Storage:Audit logs can be stored in a dedicated table or sent to Syslog for external logging.
• Customizable Filters: Administrators can specify which keyspaces, tables, or operations to audit.

Setting Up ScyllaDB Data Auditing

Step 1: Configuring the Audit Settings

Edit the scylla.yaml configuration file to enable and configure auditing.

Example Configuration:

# Enable auditing (default: none)
audit: "table" # Options: none, table, syslog
# Define categories to audit
audit_categories: "DCL,DDL,AUTH"
# Specify keyspaces and tables to audit
audit_keyspaces: "mykeyspace"
audit_tables: "mykeyspace.mytable"

Step 2: Restart the Scylla Server

Apply the changes by restarting the ScyllaDB node:

sudo systemctl restart scylla-server

Step 3: Viewing Audit Logs

For Table Storage: Query the audit.audit_log table.

 SELECT * FROM audit.audit_log;

For Syslog: Review the logs in your configured syslog file. Example log entry:

 Mar 18 09:53:52 scylla-audit[28387]: "127.0.0.1", "DDL", "ONE", "mytable", "mykeyspace", "DROP TABLE mykeyspace.mytable;", "admin"

Example: Auditing Data Modifications

Step 1: Enable DML Auditing

Configure scylla.yaml to log all DML operations:

audit_categories: "DML"
audit_keyspaces: "sales"

Step 2: Perform a Data Operation

Insert a record into a table:

INSERT INTO sales.orders (id, customer, total) VALUES (1, 'John Doe', 100.00);

Step 3: View the Audit Log

Query the audit.audit_log table to see the activity:

SELECT * FROM audit.audit_log WHERE keyspace_name = 'sales';

Result:

Using DataSunrise for ScyllaDB Data Activity History

Advanced Auditing with DataSunrise

DataSunrise enhances ScyllaDB’s auditing capabilities by providing centralized control and extended features such as:

• Real-Time Alerts for unauthorized activities.
• Fine-grained auditing rules.
• Visual dashboards to analyze activity history.

Setting Up DataSunrise for ScyllaDB

Step 1: Create a DataSunrise Instance

1. Open the DataSunrise management console.
2. Add a new instance for ScyllaDB by specifying the connection details.

3. Enable auditing features and set rules for data monitoring.

Step 2: Configure Audit Rules

• Filters: Define keyspaces, tables, or users to audit.

• Categories: Enable auditing for specific operations like DDL or DML.

Step 3: View Audit Results

Access the “Activity Logs” section to review detailed insights:

• Filter logs by user, table, or time.
• Export data for compliance reporting.

Benefits of Using DataSunrise for ScyllaDB Auditing

1. Centralized Management: Control auditing rules for multiple databases from a single console.
2. Custom Alerts: Get notified of unusual database activities.
3. Improved Compliance: Easily generate reports for regulatory requirements.
4. Performance Optimization: Lightweight and scalable auditing mechanism.

Conclusion

ScyllaDB’s native auditing features and DataSunrise’s advanced tools provide powerful solutions for tracking data activity history. While native auditing is suitable for foundational monitoring, DataSunrise offers enhanced capabilities, such as centralized control and real-time alerts, to meet complex auditing needs.

To explore more about DataSunrise’s comprehensive database security suite, visitDataSunrise website and request an online demonstration.