Console Audit Logging

TiDB Cloud provides the console audit logging feature to help you track various behaviors and operations of users on the TiDB Cloud console. For example, you can track operations, such as inviting a user to join your organization and creating a cluster.

Prerequisites

  • You must be in the Organization Owner or Organization Console Audit Admin role of your organization in TiDB Cloud. Otherwise, you cannot see the console audit logging-related options in the TiDB Cloud console.
  • You can only enable and disable the console audit logging for your organization. You can only track the actions of users in your organization.
  • After the console audit logging is enabled, all event types of the TiDB Cloud console will be audited, and you cannot specify only auditing some of them.

Enable console audit logging

The console audit logging feature is disabled by default. To enable it, take the following steps:

  1. In the lower-left corner of the TiDB Cloud console, click , and then click Console Audit Logging.
  2. Click Settings in the upper-right corner, and then enable console audit logging.

Disable console audit logging

To disable console audit logging, take the following steps:

  1. In the lower-left corner of the TiDB Cloud console, click , and then click Console Audit Logging.
  2. Click Settings in the upper-right corner, and then disable console audit logging.

View console audit logs

You can only view the console audit logs of your organization.

  1. In the lower-left corner of the TiDB Cloud console, click , and then click Console Audit Logging.
  2. To get a specific part of audit logs, you can filter the event type, operation status, and time range.
  3. (Optional) To filter more fields, click Advanced filter, add more filters, and then click Apply.
  4. Click the row of a log to view its detailed information in the right pane.

Export console audit logs

To export the console audit logs of your organization, take the following step:

  1. In the lower-left corner of the TiDB Cloud console, click , and then click Console Audit Logging.
  2. (Optional) If you need to export a specific part of console audit logs, you can filter through various conditions. Otherwise, skip this step.
  3. Click Export and select the desired export format in JSON or CSV.

Console audit log storage policy

The storage time of console audit logs is 90 days, after which the logs will be automatically cleaned up.

Console audit event types

The console audit logs record various user activities on the TiDB Cloud console through event types.

Console audit event typeDescription
CreateOrganizationCreate an organization
LoginOrganizationLog in to an organization
SwitchOrganizationSwitch from the current organization to another organization
LogoutOrganizationLog out from an organization
InviteUserToOrganizationInvite a user to join the organization
DeleteInvitationToOrganizationDelete a user's invitation to join the organization
ResendInvitationToOrganizationResend an invitation for a user to join the organization
ConfirmJoinOrganizationThe invited user confirms joining the organization
DeleteUserFromOrganizationDelete a joined user from the organization
UpdateUserRoleInOrganizationUpdate the role of a user in the organization
CreateAPIKeyCreate an API Key
EditAPIKeyEdit an API Key
DeleteAPIKeyDelete an API Key
UpdateTimezoneUpdate the time zone of your organization
ShowBillShow organization bill
DownloadBillDownload organization bill
ShowCreditsShow organization credits
AddPaymentCardAdd a payment card
UpdatePaymentCardUpdate a payment card
DeletePaymentCardDelete a payment card
SetDefaultPaymentCardSet a default payment card
EditBillingProfileEdit billing profile information
ContractActionOrganize contract-related activities
EnableConsoleAuditLogEnable console audit logging
ShowConsoleAuditLogShow console audit logs
InviteUserToProjectInvite a user to join a project
DeleteInvitationToProjectDelete a user's invitation to join the project
ResendInvitationToProjectResend an invitation for a user to join the project
ConfirmJoinProjectThe invited user confirms joining the project
DeleteUserFromProjectDelete a joined user from the project
CreateProjectCreate a project
CreateProjectCIDRCreate a new project CIDR
CreateAWSVPCPeeringCreate an AWS VPC Peering
DeleteAWSVPCPeeringDelete an AWS VPC Peering
CreateGCPVPCPeeringCreate a Google Cloud VPC Peering
DeleteGCPVPCPeeringDelete a Google Cloud VPC Peering
CreatePrivateEndpointServiceCreate private endpoint service
DeletePrivateEndpointServiceDelete private endpoint service
CreateAWSPrivateEndPointCreate an AWS private endpoint
DeleteAWSPrivateEndPointDelete AWS private endpoint
SubscribeAlertsSubscribe alerts
UnsubscribeAlertsUnsubscribe alerts
CreateDatadogIntegrationCreate datadog integration
DeleteDatadogIntegrationDelete datadog integration
CreateVercelIntegrationCreate vercel integration
DeleteVercelIntegrationDelete vercel integration
CreatePrometheusIntegrationCreate Prometheus integration
DeletePrometheusIntegrationDelete Prometheus integration
CreateClusterCreate a cluster
DeleteClusterDelete a cluster
PauseClusterPause a cluster
ResumeClusterResume a cluster
ScaleClusterScale a cluster
DownloadTiDBClusterCADownload CA certificate
OpenWebSQLConsoleConnect to a TiDB cluster through Web SQL
SetRootPasswordSet the root password of a TiDB cluster
UpdateIPAccessListUpdate the IP access list of a TiDB cluster
SetAutoBackupSet the automatic backup mechanism of a TiDB cluster
DoManualBackupPerform a manual backup of TiDB cluster
DeleteBackupTaskDelete a backup task
DeleteBackupDelete a backup file
RestoreFromBackupRestore to a TiDB cluster based on the backup files
RestoreFromTrashRestore to a TiDB cluster based on the backup files in the trash
ImportDataFromAWSImport data from AWS
ImportDataFromGCPImport data from Google Cloud
ImportDataFromLocalImport data from local disks
CreateMigrationJobCreate a migration job
SuspendMigrationJobSuspend a migration job
ResumeMigrationJobResume a migration job
DeleteMigrationJobDelete a migration job
ShowDiagnoseShow diagnosis information
DBAuditLogActionSet the activity of database audit logging
AddDBAuditFilterAdd a database audit log filter
DeleteDBAuditFilterDelete a database audit log filter
EditProjectEdit the information of a project
DeleteProjectDelete a project
BindSupportPlanBind a support plan
CancelSupportPlanCancel a support plan
UpdateOrganizationNameUpdate the organization name
SetSpendLimitEdit the spending limit of a TiDB Cloud Serverless scalable cluster
UpdateMaintenanceWindowModify maintenance window start time
DeferMaintenanceTaskDefer a maintenance task
CreateBranchCreate a TiDB Cloud Serverless branch
DeleteBranchDelete a TiDB Cloud Serverless branch
SetBranchRootPasswordSet root password for a TiDB Cloud Serverless branch
ConnectBranchGitHubConnect the cluster with a GitHub repository to enable branching integration
DisconnectBranchGitHubDisconnect the cluster from a GitHub repository to disable branching integration

Console audit log fields

To help you track user activities, TiDB Cloud provides the following fields for each console audit log:

Field nameData typeDescription
typestringEvent type
ends_attimestampEvent time
operator_typeenumOperator type: user or api_key
operator_iduint64Operator ID
operator_namestringOperator name
operator_ipstringOperator's IP address
operator_login_methodenumOperator's login method: google, github, microsoft, email, or api_key
org_iduint64Organization ID to which the event belongs
org_namestringOrganization name to which the event belongs
project_iduint64Project ID to which the event belongs
project_namestringProject name to which the event belongs
cluster_iduint64Cluster ID to which the event belongs
cluster_namestringCluster name to which the event belongs
trace_idstringTrace ID of the request initiated by the operator. This field is empty currently and will be available in future releases.
resultenumEvent result: success or failure
detailsjsonDetailed description of the event

Was this page helpful?