AUDIT LOG
The AUDITLOG command is used for investigating historical events captured by your system, and is designed for tracking user activity and for incident response. The Audit Log feature records executed SQL statements as well as login and logout events.
Syntax
The following is the AUDITLOG syntax:
AUDITLOG
[ TIMEFRAME FROM <start_date_time> TO <end_date_time> ]
[ USERNAME IN ( <username1>,..., <usernameN>) ]
[ SESSIONID IN ( <session-id1>,..., <session-idN>) ]
[ QUERYID IN ( <query-id1>,..., <query-idN>) ]
[ STATUS IN ( <status1>,..., <statusN>) ]
[ Category IN ( <category1>,..., <categoryN>) ]
[ ADDITIONALDETAILS LIKE <%additional_details%> ]
[ ERRORDETAILS LIKE <%error_details%> ]
[ INITIATED BY ( ALL | { External | Blue_UI_User | Blue_UI_System | CLI | Jobs | Statistics } ) ]
Filters
Parameter Name | Parameter Value | Description | Type |
---|---|---|---|
TIMEFRAME | | Optional parameter for specifying a DATE or DATE TIME filter | |
USERNAME | | Optional parameter for filtering by username; values are comma-separated | |
SESSIONID | | Optional parameter for filtering by session; values are comma-separated | |
QUERYID | | Optional parameter for filtering by query; values are comma-separated | |
STATUS | | Optional parameter for filtering by event status; values are comma-separated | |
Category | | Optional parameter for filtering by event category; values are comma-separated | |
ADDITIONALDETAILS | | Optional parameter for filtering on the event's additional details. Wildcards may be used | |
ERRORDETAILS | | Optional parameter for filtering on the event's error details. Wildcards may be used | |
INITIATED BY | | Optional parameter for filtering by the source that triggered the query | |
Examples
AUDITLOG;
Output:
time_stamp |last_update|username |session_id |query_id|client_ip_address|client_version |status |category |additional_details |error_details |tenant_id|initiated_by
-------------------+-----------+----------------------+------------------------------------+--------+-----------------+-------------------+------------------+--------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+---------+------------+
2024-02-12T14:08:09|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|11 |10.0.1.132 |SQream Node.js |COMPLETE |AUDITLOG |AUDITLOG TIMEFRAME FROM '2023-09-12 07:38:02' TO '2023-09-12 23:15:00' | |tenant |BLUE_UI_USER|
2024-02-12T14:01:06|null |sqream |83a6b666-a556-460b-b5b3-ce4d2ca795fe|3 |192.168.0.156 |SQream JDBC v0.1.66|COMPLETE |AUDITLOG |AUDITLOG | |tenant |EXTERNAL |
2024-02-12T13:59:51|null |sqream |4b9dc0fe-88db-4b8e-990d-2d1386b51ff9|1 |192.168.0.156 |SQream JDBC v0.1.66|COMPLETE |DESCRIBE |describe databases; | |tenant |EXTERNAL |
2024-02-12T13:59:51|null |sqream |4b9dc0fe-88db-4b8e-990d-2d1386b51ff9| |192.168.0.156 |SQream JDBC v0.1.66|Active |SESSION | | |tenant |EXTERNAL |
2024-02-12T13:59:50|null |sqream |590ed690-9a42-4911-aade-6233d0c1395d| |192.168.0.156 |SQream JDBC v0.1.66|Active |SESSION | | |tenant |EXTERNAL |
2024-02-12T13:56:11|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:29:18|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:27:34|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:01:05|null |[email protected]|b99b1139-2341-44a8-bb55-36da968f26ca|1 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT * from "public"."customer"¶LIMIT 10000 | |tenant |BLUE_UI_USER|
2024-02-12T13:01:05|null |[email protected]|b99b1139-2341-44a8-bb55-36da968f26ca| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T13:01:01|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694|2 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T13:00:57|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694|1 |10.0.1.132 |SQream Node.js |COMPILATION_FAILED|SELECT |SELECT c_customer_sk, c_customer_id, c_current_cdemo_sk, c_current_hdemo_sk, c_current_addr_sk, c_first_shipto_date_sk, c_first_sales_date_sk, c_salutation, c_first_name, c_last_name, c_preferred_cust_flag, c_birth_day, c_birth_month, c_birth_year, c_birt|Error in compilation process: : Wrapped SqlParseException¶Cause: com.sqream.compiler.parser.impl.ParseException: Encountered "bool" at line 1, column 316.¶Was expecting one of:¶ "ARRAY" ...¶ "CASE" ...¶ "CAST" ...¶ "CLASSIFIER" ...¶ "CONVER|tenant |BLUE_UI_USER|
2024-02-12T13:00:57|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:51:27|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:50:16|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|5 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:16|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|10 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:14|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|4 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:14|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|9 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:06|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|3 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:06|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|8 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:49:40|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|7 |10.0.1.132 |SQream Node.js |COMPLETE |DESCRIBE |DESCRIBE SESSIONS | |tenant |BLUE_UI_USER|
2024-02-12T12:49:19|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:49:03|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|2 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT¶ l_returnflag,¶ l_linestatus,¶ Sum(Cast(l_quantity AS BIGINT)) AS sum_qty,¶ Sum(l_extendedprice / 100.0) AS sum_base_price,¶ Sum(l_extendedprice / 100.0 * (1 - l_discount / 100.0)) AS sum_disc_price,¶ Sum(¶ l_extendedprice / 100.0 * (1 - l| |tenant |BLUE_UI_USER|
2024-02-12T12:48:59|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|1 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:59|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:48:48|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|7 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:43|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|6 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:42|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|5 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:40|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|4 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:47:55|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|3 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT¶ l_returnflag,¶ l_linestatus,¶ Sum(Cast(l_quantity AS BIGINT)) AS sum_qty,¶ Sum(l_extendedprice / 100.0) AS sum_base_price,¶ Sum(l_extendedprice / 100.0 * (1 - l_discount / 100.0)) AS sum_disc_price,¶ Sum(¶ l_extendedprice / 100.0 * (1 - l| |tenant |BLUE_UI_USER|
2024-02-12T12:47:37|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|2 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL bi | |tenant |BLUE_UI_USER|
2024-02-12T12:47:25|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|1 |10.0.1.132 |SQream Node.js |COMPILATION_FAILED|USE |USE POOL bi_pool |Pool does not exist |tenant |BLUE_UI_USER|
2024-02-12T12:47:25|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:46 |null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:42:11|null |[email protected] | | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:28:53|null |sqream |62ec92c8-ad0c-4277-ac0b-09ecb5efbaa8| |192.168.0.156 |SQream JDBC vnull |Closed |SESSION | | |tenant |CLI |
Using the TIMEFRAME filter:
AUDITLOG TIMEFRAME FROM '2024-01-12 07:38:02' TO '2024-02-12 23:15:00';
Output:
2024-02-12T14:00:04|null |sqream |83a6b666-a556-460b-b5b3-ce4d2ca795fe|1 |192.168.0.156 |SQream JDBC v0.1.66|COMPLETE |DESCRIBE |DESCRIBE QUERY SESSION ID '437d4321-c4da-4dba-95b5-9a80cd093979' QUERY ID '4' | |tenant |EXTERNAL |
2024-02-12T13:59:53|null |sqream |83a6b666-a556-460b-b5b3-ce4d2ca795fe| |192.168.0.156 |SQream JDBC v0.1.66|Active |SESSION | | |tenant |EXTERNAL |
2024-02-12T13:59:51|null |sqream |4b9dc0fe-88db-4b8e-990d-2d1386b51ff9|1 |192.168.0.156 |SQream JDBC v0.1.66|COMPLETE |DESCRIBE |describe databases; | |tenant |EXTERNAL |
2024-02-12T13:59:51|null |sqream |4b9dc0fe-88db-4b8e-990d-2d1386b51ff9| |192.168.0.156 |SQream JDBC v0.1.66|Active |SESSION | | |tenant |EXTERNAL |
2024-02-12T13:59:50|null |sqream |590ed690-9a42-4911-aade-6233d0c1395d| |192.168.0.156 |SQream JDBC v0.1.66|Active |SESSION | | |tenant |EXTERNAL |
2024-02-12T13:56:11|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:42:54|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|10 |10.0.1.132 |SQream Node.js |COMPLETE |AUDITLOG |AUDITLOG | |tenant |BLUE_UI_USER|
2024-02-12T13:29:18|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:27:34|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:25:36|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:21:07|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T13:14:48|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|9 |10.0.1.132 |SQream Node.js |COMPLETE |DESCRIBE |DESCRIBE SESSIONS INITIATED BY external | |tenant |BLUE_UI_USER|
2024-02-12T13:14:35|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|8 |10.0.1.132 |SQream Node.js |COMPLETE |DESCRIBE |DESCRIBE SESSIONS INITIATED BY ALL | |tenant |BLUE_UI_USER|
2024-02-12T13:01:05|null |[email protected]|b99b1139-2341-44a8-bb55-36da968f26ca|1 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT * from "public"."customer"¶LIMIT 10000 | |tenant |BLUE_UI_USER|
2024-02-12T13:01:05|null |[email protected]|b99b1139-2341-44a8-bb55-36da968f26ca| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T13:01:01|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694|2 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T13:00:57|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694|1 |10.0.1.132 |SQream Node.js |COMPILATION_FAILED|SELECT |SELECT c_customer_sk, c_customer_id, c_current_cdemo_sk, c_current_hdemo_sk, c_current_addr_sk, c_first_shipto_date_sk, c_first_sales_date_sk, c_salutation, c_first_name, c_last_name, c_preferred_cust_flag, c_birth_day, c_birth_month, c_birth_year, c_birt|Error in compilation process: : Wrapped SqlParseException¶Cause: com.sqream.compiler.parser.impl.ParseException: Encountered "bool" at line 1, column 316.¶Was expecting one of:¶ "ARRAY" ...¶ "CASE" ...¶ "CAST" ...¶ "CLASSIFIER" ...¶ "CONVER|tenant |BLUE_UI_USER|
2024-02-12T13:00:57|null |[email protected]|20a2492d-52a0-4cfc-9eb7-1ebb61c1d694| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:51:27|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:50:16|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|5 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:16|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|10 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:14|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|4 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:14|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|9 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:06|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|3 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:50:06|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|8 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:49:40|null |[email protected] |260f68ec-dcb7-4b06-92fe-019ecd1d2707|7 |10.0.1.132 |SQream Node.js |COMPLETE |DESCRIBE |DESCRIBE SESSIONS | |tenant |BLUE_UI_USER|
2024-02-12T12:49:19|null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:49:03|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|2 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT¶ l_returnflag,¶ l_linestatus,¶ Sum(Cast(l_quantity AS BIGINT)) AS sum_qty,¶ Sum(l_extendedprice / 100.0) AS sum_base_price,¶ Sum(l_extendedprice / 100.0 * (1 - l_discount / 100.0)) AS sum_disc_price,¶ Sum(¶ l_extendedprice / 100.0 * (1 - l| |tenant |BLUE_UI_USER|
2024-02-12T12:48:59|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4|1 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:59|null |[email protected]|494a532b-d50e-432e-8051-8291332443c4| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:48:48|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|7 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:43|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|6 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:42|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|5 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:48:40|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|4 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL SQream | |tenant |BLUE_UI_USER|
2024-02-12T12:47:55|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|3 |10.0.1.132 |SQream Node.js |COMPLETE |SELECT |SELECT¶ l_returnflag,¶ l_linestatus,¶ Sum(Cast(l_quantity AS BIGINT)) AS sum_qty,¶ Sum(l_extendedprice / 100.0) AS sum_base_price,¶ Sum(l_extendedprice / 100.0 * (1 - l_discount / 100.0)) AS sum_disc_price,¶ Sum(¶ l_extendedprice / 100.0 * (1 - l| |tenant |BLUE_UI_USER|
2024-02-12T12:47:37|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|2 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL bi | |tenant |BLUE_UI_USER|
2024-02-12T12:47:25|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|1 |10.0.1.132 |SQream Node.js |COMPILATION_FAILED|USE |USE POOL bi_pool |Pool does not exist |tenant |BLUE_UI_USER|
2024-02-12T12:47:25|null |[email protected]|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:46 |null |[email protected]| | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:42:11|null |[email protected] | | | |API |GET |DASHBOARD |Change Date:2024-02-05-->2024-02-12 | | |BLUE_UI_USER|
2024-02-12T12:28:53|null |sqream |62ec92c8-ad0c-4277-ac0b-09ecb5efbaa8| |192.168.0.156 |SQream JDBC vnull |Closed |SESSION | | |tenant |CLI |
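The output above is a pipe-delimited table, which is convenient to post-process during an investigation. The following is an added example (not SQream's own code) that parses that table and answers two common incident-response questions: which statements failed, and what a given session did, in time order, plus which client and source each user opened sessions from. The sample rows are constructed to match the column layout shown above; the usernames are placeholders.

```python
# Added example (not SQream's own code): triage helpers for the pipe-delimited
# table that AUDITLOG prints. The sample below is constructed to follow the
# column layout shown in the documentation output; usernames are placeholders.
from collections import defaultdict

SAMPLE_OUTPUT = """\
time_stamp |last_update|username |session_id |query_id|client_ip_address|client_version |status |category |additional_details|error_details |tenant_id|initiated_by
-------------------+-----------+---------+-----------+--------+-----------------+---------------+-------+---------+------------------+--------------+---------+------------+
2024-02-12T12:47:25|null |analyst@example.com|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4| |10.0.1.132 |SQream Node.js |Active |SESSION | | |tenant |BLUE_UI_USER|
2024-02-12T12:47:25|null |analyst@example.com|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|1 |10.0.1.132 |SQream Node.js |COMPILATION_FAILED|USE |USE POOL bi_pool |Pool does not exist |tenant |BLUE_UI_USER|
2024-02-12T12:47:37|null |analyst@example.com|e09ebcd9-1625-4ca1-ba7b-b662cf138ef4|2 |10.0.1.132 |SQream Node.js |EXECUTION_SUCCEED |USE |USE POOL bi | |tenant |BLUE_UI_USER|
2024-02-12T12:28:53|null |sqream |62ec92c8-ad0c-4277-ac0b-09ecb5efbaa8| |192.168.0.156 |SQream JDBC vnull |Closed |SESSION | | |tenant |CLI |
2024-02-12T13:59:51|null |sqream |4b9dc0fe-88db-4b8e-990d-2d1386b51ff9|1 |192.168.0.156 |SQream JDBC v0.1.66|COMPLETE |DESCRIBE |describe databases; | |tenant |EXTERNAL |
"""

def parse_auditlog(text):
    """Turn AUDITLOG's printed table into a list of dicts keyed by column name."""
    lines = [ln for ln in text.splitlines()
             if ln.strip() and set(ln.strip()) - set("-+")]  # drop blanks and the ---+--- rule
    header = [c.strip() for c in lines[0].rstrip("|").split("|")]
    rows = []
    for line in lines[1:]:
        cells = [c.strip() for c in line.rstrip("|").split("|")]
        if len(cells) != len(header):  # a '|' inside a logged statement would break the split
            raise ValueError(f"expected {len(header)} columns, got {len(cells)}: {line!r}")
        rows.append(dict(zip(header, cells)))
    return rows

def failed_statements(rows):
    """Statements whose status reports a failure, with the recorded error text."""
    return [(r["time_stamp"], r["username"], r["additional_details"], r["error_details"])
            for r in rows if r["status"].upper().endswith("_FAILED")]

def session_timeline(rows, session_id):
    """All events for one session, oldest first (AUDITLOG itself lists newest first)."""
    events = [r for r in rows if r["session_id"] == session_id]
    return sorted(events, key=lambda r: (r["time_stamp"], int(r["query_id"] or 0)))

def session_origins(rows):
    """username -> set of (client_ip, client_version, initiated_by) seen on SESSION
    events, for spotting logins from an unexpected client or source."""
    origins = defaultdict(set)
    for r in rows:
        if r["category"] == "SESSION":
            origins[r["username"]].add(
                (r["client_ip_address"], r["client_version"], r["initiated_by"]))
    return dict(origins)
```

Feed it the text returned by any AUDITLOG call, narrowed with TIMEFRAME or USERNAME first if the full log is large.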
Permissions
Using the AUDITLOG command requires SUPERUSER permissions.
For more information, see Supported Permissions.