Skip to main content
Skip table of contents

Extract and Download Audit Logs

Overview

This feature enables you to extract various audit logs generated by QueryPie and download them as CSV files. Even large files, such as logs covering an extended period, can be extracted and downloaded reliably. Once created, log extract files remain available for download for 30 days. Nine types of logs are supported for extraction, including Query Audit, Workflow SQL Request, and more.

Audit > General > Audit Log Export

Supported log types for extraction

  1. Query Audit

  2. Workflow SQL Request

  3. Workflow SQL Export Request

  4. Workflow DB Access Request

  5. User Access History

  6. Admin Role History

  7. DB Access History

  8. DB Account Lock History

  9. DB Access Control Logs

Create a Log Extraction Job

Extracting and downloading audit logs involves the following steps: (1) accessing the relevant menu, (2) creating a log extraction task, (3) waiting for the log extraction to complete, and (4) downloading the file upon completion of the extraction.

To begin extracting audit logs, navigate to the 'Audit > General > Audit Log Export' menu and click the Create Task button located in the top right corner. Upon clicking the button, the following screen will appear.

  1. Enter a name for the log extraction task.

  2. Select the type of logs to extract (such as Query Audit).

    • After selecting a log type, click "See Log Template and Description" to view detailed information, such as keys for each log.

  3. Specify the start date for extraction.

  4. Specify the end date for extraction.

  5. Define a filter expression.

    1. Refer to "Filter expressions" below for instructions and examples.

  6. Generate a preview.

    1. Previewing is a mandatory step.

    2. Review the preview results before proceeding to the next step, 'Create'.

  7. Create the log extraction task.

Filter expressions

(1) To utilize filter expressions, refer to 'See Log Template and Description' for the log-specific keys, their types, and included values.

(2) Filter expressions are categorized based on data type:

  • Number Type

    • Supported expressions : >, <, <=, >=, ==, !=

    • e.g. x > `10`, x == `10`

  • String Type

    • Supported expressions : == (equals), != (not equals), contains

    • e.g. x == 'abc', x != 'abc', contains(x, 'ab')

  • Boolean Type

    • Supported expressions : == (equals), != (not equals), && (and), || (or)

    • e.g. x == `true`, x && y, (x > `0`) && (y == `0`)

  • Array Type

    • Example: x[? @ == 'value'], list[? @ > `10`]

(3) Use the following characters for multiple conditions :

  • AND Condition : &&

  • OR Condition : ||

  • Compound condition : ( )

(4) Examples :

  • Extract only query execution logs during Query Audit :

    • actionType == 'SQL_EXECUTION'

  • Extract only query execution logs made to WebEditor during Query Audit :

    • actionType == 'SQL_EXECUTION' && executedFrom == 'WEB_EDITOR'

  • Extract logs for two specific databases from DB Access History :

    • connectionName == 'database1' || connectionName == 'database2'

  • Extract DB Access History for two specific databases with Replication Type as SINGLE :

    • (connectionName == 'database1' || connectionName == 'database2') && replicationType == 'SINGLE'

Criteria for specifying the Privilege Type of export files in Query Audit

The 'Privilege Type' column in the export file indicates the privileges required at runtime. It functions as follows:

  1. Commands executed with default privileges (SET, SHOW, etc.) have a blank value in the corresponding column.

  2. Logs executed with privileges such as INSERT specify the SQL Type.

  3. For Redis, the command name is specified.

Download Files When an Extraction Task Is Complete

For short-term queries with no filtering criteria, log extraction is typically completed within minutes. However, for logs spanning longer periods or with more complex filtering criteria, extraction may take several hours.

Once the extraction operation is finished, you can download the log files in two ways, as illustrated in the image below.

1. Click on the enabled "Download" button in the Audit Log Export list.

2. Click on an action in the list to enter the detail page, then click on the active "Download" button located at the top right corner.

Encrypt Log File

The downloadable file is a '*.zip' file that compresses the '*.csv' file.

To set a password for this compressed file, ensure that the "Export a file with Encryption" option is set to "Required" in the 'General Settings > Company Management > Security' menu.

Log Extract File Retention Policy

Once extracted, log files are retained for 30 days from the date the job was created and can be downloaded an unlimited number of times during this period. However, after 30 days, the files are automatically deleted and are no longer accessible for download. If you require logs under the same conditions again, you will need to initiate the log extraction job once more.

Related Topics

 

Back to Audit Logs and Reports

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.