YugabyteDB Audit Log

Introduction

In today’s data-driven world, maintaining security compliance and operational oversight is crucial. Robust audit logs help achieve this by tracking database activities. YugabyteDB offers built-in logging features, which you can further enhance with advanced monitoring solutions.

Native YugabyteDB Audit Capabilities

YSQL Audit Logging

YSQL uses the PostgreSQL Audit Extension v1.7 (pgaudit) to log detailed session and object events in YB-TServer logs. This integration enables comprehensive tracking of database operations.

How to Enable YSQL Audit Logging

You can enable audit logging in two ways:

During Cluster Startup:

--ysql_pg_conf_csv="pgaudit.log='all, -misc',pgaudit.log_parameter=on,pgaudit.log_relation=on"

For a Specific Session:

SET pgaudit.log='DDL';
SET pgaudit.log_client=ON;

After configuring, create the pgaudit extension with:

CREATE EXTENSION IF NOT EXISTS pgaudit;

Example: YSQL Audit Log Output

Here’s how YSQL audit logs may appear:

log_time	user	database	command	object	details
2025-02-16 14:32:45	alice	salesdb	DDL	orders table	`CREATE TABLE orders (id INT);`
2025-02-16 15:01:12	bob	hrdb	DML	employees	`UPDATE employees SET salary=5000;`

For more details, visit YugabyteDB’s official YSQL audit logging documentation.

YCQL Audit Logging

YCQL provides its own audit logging system, capturing statements and events on each node through YB-TServer logs.

How to Enable YCQL Audit Logging

Activate audit logging by adding:

--ycql_enable_audit_log=true

Supported Audit Categories

QUERY: Logs SELECT operations
DML: Tracks INSERT, UPDATE, DELETE actions
DDL: Captures schema modifications
DCL: Monitors role and permission changes
AUTH: Records authentication events
PREPARE: Logs prepared statement usage

Example: YCQL Audit Log Output

Below is a sample YCQL audit log:

log_time	node	client_ip	operation	keyspace	table	details
2025-02-16 13:45:23	node1	192.168.1.10	QUERY	ecommerce	products	`SELECT * FROM products WHERE category = 'electronics';`
2025-02-16 14:15:50	node3	192.168.1.12	DML	banking	accounts	`INSERT INTO accounts (id, balance) VALUES (1, 1000);`

Advanced Auditing with DataSunrise

While YugabyteDB’s native audit features provide strong monitoring, businesses with strict compliance needs can benefit from DataSunrise’s advanced auditing solution.

DataSunrise proxy managing multiple database connections

Key Features of DataSunrise

DataSunrise delivers real-time database activity monitoring by tracking queries, sessions, and performance metrics within a unified framework. Additionally, it enhances security through: – Dynamic data masking – Granular access controls – Proactive threat detection – Behavioral analytics

How to Set Up DataSunrise for YugabyteDB

Create a Database Profile
Configure connection parameters, enable proxy mode, and set security options for your YugabyteDB instance.
Define Audit Rules
Set monitoring parameters, alert conditions, logging settings, and data retention policies.
Implement Real-Time Monitoring
Track query patterns, analyze performance, and detect security threats.

Conclusion

To achieve effective auditing in YugabyteDB, leverage built-in logging for essential tracking and integrate advanced solutions like DataSunrise for comprehensive security and compliance. This combination ensures robust monitoring with minimal performance impact.

For further guidance on securing and monitoring YugabyteDB, check out the official security documentation or explore DataSunrise’s deployment options.

Interested in DataSunrise’s powerful database security features? Book your personal online demo today.