ybm cluster db-audit-logging

Manage cluster database audit logging

Use the cluster db-audit-logging resource to perform operations on a YugabyteDB Aeon cluster, including the following:

  • enable, disable, and update database audit logging.
  • get information about database audit logging.

For information on database audit logging settings, refer to Database Audit Logging.

Prerequisite

Before using these commands, you must have an integration configuration already set up. This configuration defines the authentication and connection details for the third-party tool where logs will be exported.

Syntax

Usage: ybm cluster db-audit-logging [command] [flags]

Examples

Enable database audit logging for a cluster:

ybm cluster db-audit-logging enable \
  --cluster-name your-cluster \
  --integration-name datadog1 \
  --statement_classes="READ,WRITE,ROLE" \
  --wait \
  --ysql-config="log_catalog=true,log_client=true,log_level=NOTICE,log_relation=true,log_parameter=true,log_statement_once=true"

Disable database audit logging for a cluster.

ybm cluster db-audit-logging disable \
  --cluster-name your-cluster

Get information about database audit logging for a cluster.

ybm cluster db-audit-logging describe --cluster-name your-cluster

Update some fields of the log configuration.

ybm cluster db-audit-logging update \
  --cluster-name your-cluster \
  --integration-name your-integration \
  --statement_classes="WRITE,MISC" \
  --ysql-config="log_catalog=true,log_client=false,log_level=NOTICE,log_relation=false,log_parameter=true,log_statement_once=true"

Commands

enable

Enable database audit logging for a cluster and export the logs to the integration passed in the flag --integration-name.

Flag Description
--cluster-name Required. Name of the cluster whose database audit logging you want to enable.
--integration-name Required. Name of the integration that you want to use to export the logs.
--ysql-config Required. The YSQL audit logging settings, provided as key-value pairs.
Arguments:
  • log_catalog
  • log_level
  • log_client
  • log_parameter
  • log_relation
  • log_statement_once
--statement_classes Required. The YSQL statements to log, provided as key-value pairs.
Arguments:
  • READ
  • WRITE
  • FUNCTION
  • ROLE
  • DDL
  • MISC
For more details, see Database Audit Logging.

disable

Disable database audit logging for a cluster.

Flag Description
--cluster-name Required. Name of the cluster whose database audit logging you want to disable.
-f, --force Optional. Bypass the prompt for non-interactive usage.

describe

Fetch detailed information about the audit logging configuration for a cluster.

Flag Description
--cluster-name Required. Name of the cluster for which you want to fetch the database audit logging configuration.

update

Update the database audit logging configuration.

Flag Description
--cluster-name Required. Name of the cluster with database audit logging configuration you want to update.
--integration-name Required. Name of the integration.
--ysql-config Required. The YSQL audit logging settings, provided as key-value pairs.
Arguments:
  • log_catalog
  • log_level
  • log_client
  • log_parameter
  • log_relation
  • log_statement_once
--statement_classes Required. The YSQL statements to log, provided as key-value pairs.
Arguments:
  • READ
  • WRITE
  • FUNCTION
  • ROLE
  • DDL
  • MISC
For more details, see Database Audit Logging.