User guide
Database Audit Logging
Topics
• Overview (p. 215)
• Amazon Redshift Logs (p. 215)
• Enabling Logging (p. 217)
• Managing Log Files (p. 218)
• Troubleshooting Amazon Redshift Audit Logging (p. 220)
• Using AWS CloudTrail for Amazon Redshift (p. 221)
• Configuring Auditing Using the Console (p. 221)
• Configuring Logging by Using the Amazon Redshift CLI and API (p. 223)
Overview
Amazon Redshift logs information about connections and user activities in your database.These logs
help you to monitor the database for security and troubleshooting purposes, which is a process often
referred to as database auditing. The logs are stored in the Amazon Simple Storage Service (Amazon
S3) buckets for convenient access with data security features for users who are responsible for monitoring
activities in the database.
Amazon Redshift Logs
Amazon Redshift logs information in the following log files:
• Connection log — logs authentication attempts, and connections and disconnections.
• User log — logs information about changes to database user definitions.
• User activity log — logs each query before it is run on the database.
The connection and user logs are useful primarily for security purposes.You can use the connection log
to monitor information about the users who are connecting to the database and the related connection
information, such as their IP address, when they made the request, what type of authentication they used,
and so on.You can use the user log to monitor changes to the definitions of database users.
API Version 2012-12-01
215
Amazon Redshift Management Guide
Overview