understanding RDS audit log file format
accroding to this official documentation, RDS audit log has the following comma-delimited information
timestamp, serverhost, username, host, connectionid, queryid, operation, database, object, retcode
i've noticed some logs are writing "READ" in place of operation and "proc" in place of object
for example, a log might say "some timestamp, prod1, user1, xx.xxx.xxx.xxx, 23, 12, read, mysql, proc, 0
how would you interpret this particular log? and what does it tell me?
i've read the official doc but the explanation is a bit vague
appreciate your help
As mentioned in the below provided documentation link, the operation is the the recorded action type for the event and the object is the value indicates the query that the database performed or for a TABLE events, it indicates the table name.
If the the server_audit_events is set to TABLE, the it logs the tables that were affected by query execution. Please refer the below mentioned explanation for the logs when the server_audit_events is set to TABLE,
In this log record according to "timestamp, serverhost, username, host, connectionid, queryid, operation, database, object, retcode", the operation is WRITE and the object is test2 from the database testdb, and the operation done is admin on server c731-instance-1 from the source 184.108.40.206.
In this log record according to "timestamp, serverhost, username, host, connectionid, queryid, operation, database, object, retcode", the operation is WRITE and the object is a Stored Procedure which is created in the the database mysql, and the is operation done by admin on server c731-instance-1 from the source 220.127.116.11.
I hope the above provided information is clear and helpful!
OmKar, thanks for the on-point explanation! now i understand "proc" stands for procedure. i wasnt sure what that means lol!!!
understanding RDS audit log file formatAccepted Answerasked 2 months ago
output log for RDS stored procedureasked 5 months ago
How to specify log levels using JSON format in Pythonasked 4 months ago
Audit collection for document updateasked 8 months ago
Can you trigger audit mitigation actions automatically?asked 3 years ago
general log vs audit logAccepted Answerasked 2 years ago
Aurora RDS Audit logasked 14 days ago
How to open a AWS GameLift Log?asked 10 months ago
Subscription filter on comma-delimited (CSV) logasked 2 years ago
Can an AWS RDS SQL Server Audit File be encypted with a kms key prior to upload to S3?asked 7 months ago