Query audit#
Dell Data Analytics Engine, powered by Starburst Enterprise platform (SEP) can log and keep an audit trail about query executions. It logs a timestamp value, the initiating user, the query ID and the SQL statement. Log entries are stored in textual format in log files that are automatically compressed and rotated at the end of a day.
Note
Query audit logger requires a valid Starburst Enterprise license.
The log file contains one log entry per line and the values are separated by a tab character. The timestamp is using ISO 8601 format.
2020-04-06T17:33:23+0000 admin 20200406_173323_00003_sae98 select * from customer
Note
An improved alternative to the query audit feature is provided by Backend service. It includes access to data in Insights query overview.
Query audit logging is implemented as a event listener and can be enabled by creating a configuration file
called etc/event-listener.properties
with the following properties.
Property name |
Description |
---|---|
|
The name needs to be set to the |
|
Path of the security audit log file. Defaults to
|
|
Maximum size of a single security audit log file. Defaults to |
|
Maximum number of security audit log files. Defaults to |
|
Optional log directory so that Amazon CloudWatch can use them. |