Skip to main content
Version: v4.9

Configure events and data to be logged

Set your data activity logging preferences at the repository level:

  1. Navigate to Data Repos and click the name of your repository.
  2. Go to the Log Settings tab.

Here you can specify what types of events generate entries in the Cyral data activity logs.

note

You also have the option to specify which tables, columns, fields, or endpoints will be monitored.

Log Settings

Everything

Toggle this option ON to log all types of events including queries that query data, (DQL), manipulate data (DML), define schemas (DDL), as well as database transactions, privileged actions, suspicious actions, and policy violations.

Data Activity

Toggle this option ON to log all types of events including queries that query data, (DQL), manipulate data (DML), define schemas (DDL), as well as database transactions. To log only a subset of data actions, toggle this checkbox OFF and then toggle on the DQL, DML, and/or DDL checkboxes. For each, you can choose:

  • all requests to log every action of the selected type, regardless of the database object affected; or
  • logged fields to log only those actions that affect the fields you've specified in the Logged fields section at the bottom of the Log Settings tab.

Privileged commands

Log all data repository administration actions, such as creating or dropping users from a database.

Suspicious activity

Toggle this option ON to log all types of suspicious activity To log only a subset of activity types, toggle this checkbox OFF and then toggle on one or more of:

  • port scans: Logs any suspected attempt to find open database ports on the repository.
  • authentication failures: Log each time a user’s authentication attempt fails.
  • full scan: Log each time a user performs a full table scan or full collection scan.

Policy violations

Log only actions that violate your Cyral policies.

Connection activity

Create a log entry each time a user connects to or disconnects from the repository. This results in log entries with activityTypes of newConnection and closedConnection.

Logged fields

This section lists the data locations (for example tables and columns) whose activity is logged. To add or remove a data location from logging, add it to or remove it from your Data Map.

Learn more