Security log analyzer
AuraDB Professional AuraDB Virtual Dedicated Cloud
Security log analyzer is a feature that provides a UI to review the security events on an Aura instance.
You can access security logs from Logs in the left-hand navigation and selecting Security in the tabs at the top.
To switch between instances, use the dropdown menu on the top left.
Security log analyzer is split up in two parts:
-
Summary table - An aggregated view of security logs, giving a high level overview over the selected time period.
-
Details table - A detailed view showing individual security events in the selected time period.
Use the Fetch logs button to fetch logs and select a time range for the request. You may optionally select any filters or search text if required, then press Fetch.
A summary of security events is returned, showing aggregations per event. To see the individual security events, click the right arrow at the end of the line to show details for that event. The details pane shows individual events.
Fetch logs
You can select the time range for the security logs from the following intervals:
-
Last 30 minutes
-
Last hour
-
Last 2 hours
-
Last 6 hours
-
Last 24 hours
-
Custom time range (start date and end date)
|
Security logs are available for a period of 30 days, and each request can be for up to 24 hours of data. |
Log tables
The log tables provide two different views of your security data:
-
The Summary table aggregates similar security events, showing statistics like total count and time range. The table will be grouped by status and executing user. This view helps identify patterns and potential security issues across multiple events.
-
The Details table shows individual security events with their specific timestamps, users, and other details. This granular view is useful for investigating specific incidents or understanding the context of individual security events.
Summary
| Display Name | Field Name | Description |
|---|---|---|
Status |
|
The status of the security event. |
Message |
|
The log message. |
Count |
|
The number of times this security event was found. |
From |
|
The start timestamp of the first security event. |
To |
|
The end timestamp of the last security event. |
Executing User |
|
The user who executed the security event. |
Authenticated User |
|
The user whose credentials were used to authenticate. |
Actions |
|
Contains an icon button (Arrow Right Circle) to view detailed executions of this specific security message in the Details table. Use this button to filter the Details table to show only executions of the selected security message. |
Details
| Display Name | Field Name | Description |
|---|---|---|
Status |
|
The status of the security event. |
Message |
|
The log message. |
Time |
|
The timestamp when the log was created, including milliseconds. |
Executing User |
|
The user who executed the security event. |
Authenticated User |
|
The user whose credentials were used to authenticate. |
Database |
|
The database for the security event (if applicable). |
Driver |
|
The database driver used during the security event. |
Table interactions
Sort table
By default, the table is sorted on Count for Summary and Status for Details. Use the column heading to sort by a column (such as Executing User).