Audit Log Export
Overview
This is a feature that allows you to extract various audit logs generated in QueryPie and download them as CSV files. It enables stable extraction and download even for large files such as logs spanning long periods. Once generated, log extraction files can be downloaded for 30 days. The supported extraction logs include Query Audit, Workflow SQL Request, and 21 other types.
With the addition of the Audit Log Export feature, the ‘Excel File Download’ button that was provided on each log screen has been discontinued from QueryPie v9.15.0.
Supported Extraction Log Types (QueryPie v11.0.0)
| Log Type | Release Version | Format |
|---|---|---|
| Workflow DB Access Request | CSV | |
| Workflow SQL Request | CSV | |
| Workflow SQL Request for Query Details | CSV | |
| Workflow SQL Export Request | CSV | |
| Workflow Restricted Data Access Request | 11.0.0 | JSON |
| Workflow DB Policy Exception Request | 11.0.0 | JSON |
| Workflow Unmasking Request | 11.0.0 | JSON |
| Workflow Decryption Request | 10.3.0 | JSON |
| Workflow Server Access Request | JSON | |
| Workflow Server Privilege Request | 11.3.0 | JSON |
| Workflow Access Role Request | 10.0.0 | CSV |
| IP Registration Request | 11.0.0 | JSON |
| User Access History | CSV | |
| Admin Role History | CSV | |
| Activity Logs | JSON | |
| Alert Logs | 10.3.0 | JSON |
| Query Audit | CSV | |
| DB Access History | CSV | |
| DB Account Lock History | CSV | |
| DB Access Control Logs | CSV | |
| DML Snapshot | JSON | |
| Restricted Data Access Logs (Legacy) | 10.3.0 | JSON |
| Masked Data Access Logs (Legacy) | 10.3.0 | JSON |
| Sensitive Data Access Logs (Legacy) | 10.3.0 | JSON |
| DAC Policy Audit Log | 11.3.0 | JSON |
| Server Access History | JSON | |
| Command Audit | JSON | |
| Session Logs | JSON | |
| Server Access Control Logs | JSON | |
| Server Role History | JSON | |
| Server Account Lock History | JSON | |
| Request Audit | JSON | |
| Kubernetes Role History | JSON | |
| Web App Access History | 11.0.0 | CSV |
| Web App Role History | 11.0.0 | CSV |
| Web App JIT Access Control Log | 11.0.0 | CSV |
| Web App Event Audit | 11.0.0 | CSV |
Viewing Audit Log Export List
Administrator > Audit > General > Audit Log Export
- Navigate to the Administrator > Audit > General > Audit Log Export menu.
- You can view the list of Audit Log Export tasks created so far.
- Status shows the progress status of the task:
- Processing : Audit log extraction is in progress.
- Completed : Audit log extraction is completed and file download is available. (If 30 days have passed since extraction completion, the file has expired and download is not possible.)
- Failed : Audit log extraction has failed. Please contact QueryPie Customer Support.
Creating Log Extraction Task
Audit log extraction and download proceeds through the following major steps: (1) Access related menu → (2) Create log extraction task → (3) Wait until log extraction completion → (4) Download file when extraction is completed
To start audit log extraction, you need to access the ‘Audit > General > Audit Log Export’ menu and click the Create Task button in the top right. When you click the button, the following screen appears.
Administrator > Audit > General > Audit Log Export > Create New Task
- Task Name : Enter the name of the log extraction task.
- Log Type : Select the type of log to extract.
- Select the log type you want to extract, such as Query Audit.
- After selecting the log type, click See Log Template and Description to view detailed information such as keys for each log.
- Download File Format : Specify the log output file format. (As of 9.17.0, the downloadable format for each log is limited to a single format. Please refer to the ‘Supported Extraction Log Types’ above.)
- For Text Exceeding 32,000 Characters : For CSV files, you can choose whether to trim text exceeding 32,000 characters.
- Trim Overflowing Text - Trims text exceeding 32,000 characters. Prevents table corruption due to exceeding the maximum number of characters per cell when opening files directly in Excel.
- No Action - Includes text exceeding 32,000 characters as is.
- From : Specify the extraction start date.
- To : Specify the last date for extraction. From 11.2.0, you can select the current date.
- Filter Expression : Specify filter expressions.
- Please refer to the ’ Filter Expression ’ section below for input methods and examples.
- Generate Preview : Generate a preview.
- Preview is a required step.
- You must check the preview results to proceed to the next step ‘Create’.
Createbutton : Creates the log extraction task.
Important Notes When extracting logs by selecting the current date, since data is accumulated in real-time, the content of the file generated through actual Create may differ from the results at the Preview time.
Filter Expression
(1) To use filter expressions, please refer to the log-specific keys and their types and included values through ‘See Log Template and Description’.
(2) Available filter expressions are divided as follows depending on the data type:
- Number Type
Supported expressions: >, <, <=, >=, ==, !=
Example: x > 10, `x == `10
- String Type
Supported expressions: == (equals), != (not equals), contains
Example: x == 'abc', x != 'abc', contains(x, 'ab')
- Boolean Type
Supported expressions: == (equals), != (not equals), && (and), || (or)
Example: x == true“,x && y, (x > 0) && (y == 0)
- Array Type
Example: x[? @ == 'value'], list[? @ > 10]
(3) You can use the following characters to use multiple conditions together:
-
AND condition: Use the
&&operator. -
OR condition: Use the
||operator. -
Complex condition: Use parentheses (
( )) to group conditions that need to be processed together.
(4) Examples
-
Expression needed to extract only query execution logs from Query Audit:
actionType == 'SQL_EXECUTION' -
Expression needed to extract only query execution logs performed in web editor from Query Audit:
actionType == 'SQL_EXECUTION' && executedFrom == 'WEB_EDITOR' -
Expression needed to extract only for 2 specific databases from DB Access History:
connectionName == 'database1' || connectionName == 'database2' -
Expression needed to extract only for 2 specific databases with Replication Type SINGLE from DB Access History:
(connectionName == 'database1' || connectionName == 'database2') && replicationType == 'SINGLE'
Query Audit Export File Privilege Type Specification Criteria
The ‘Privilege Type’ column in the export file records which permission was required at the time of execution. It works as follows:
- Commands executed with basic permissions (SET, SHOW, etc.) have blank values in the corresponding column.
- Logs performed according to permissions such as INSERT have SQL Type specified.
- For Redis, the command name is specified.
Downloading Files When Extraction Task is Completed
For short-term queries without separate filtering conditions, log extraction is completed within a few minutes. For logs spanning long periods or with high complexity of filtering conditions, it may take some time for log extraction.
After the extraction task is completed, you can download the log file in two ways:
- Download from list page: Click the Download button on the list page.
- Download from detail page: Click on the task on the list page to enter the detail page, then click the Download button in the top right.
Including Password in Download File
The download target file is a ‘*.zip file compressed from *.csv or *.json files’.
To specify a password for the compressed file, you must set the Export a file with Encryption option to ‘Required’ in the ‘General Setting > Security’ menu.
Log Extraction File Retention Policy Guide
Extracted log files are retained for 30 days from the task creation date, and unlimited downloads are possible within that period. However, files expire after 30 days. If you need expired log files, please create a new log extraction task.