# Audit Logging Levels

There are 11 logging levels that can be specified by the `auditlog_level` variable in a node’s **memsql.cnf** file. These levels can be organized into three categories, each with increasing verbosity:

* Logging is disabled:

  * `OFF`
* Log only valid statements and queries:

  * `LOGINS-ONLY`
  * `ADMIN-ONLY`
  * `WRITES-ONLY`
  * `ALL-QUERIES`
  * `ALL-QUERIES-PLAINTEXT`
  * `ALL-RESULTS`
* Log valid and invalid statements and queries:

  * `ADMIN-ONLY-INCLUDING-PARSE-FAILS`
  * `WRITES-ONLY-INCLUDING-PARSE-FAILS`
  * `ALL-QUERIES-INCLUDING-PARSE-FAILS`
  * `ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS`
  * `ALL-RESULTS-INCLUDING-PARSE-FAILS`

A valid statement or query is one that can be successfully parsed by SingleStore. Invalid statements or queries include those with misspellings or improper syntax.

> **⚠️ Warning**: User credentials and PII contained in all valid statements and queries are obfuscated in audit logs. When invalid statements cannot be parsed, the literal query text is included in the log entry. This text may contain sensitive information. For example, if a user attempts to connect to the database with an invalid statement that contains their username and password, these values will be logged in plain text. Before selecting any level that specifies `INCLUDING-PARSE-FAILS`, ensure that the log file location is secured appropriately and that extra precaution is taken when processing the logs.

## OFF

The `OFF` level is the default setting and prevents any logs from being created.

## LOGINS-ONLY

The `LOGINS-ONLY` level logs successful and failed attempts to log in to the database. These login activities coexist with audit data from existing levels, but the information about logins follows a different format than database activities. The `LOGINS-ONLY` level does not include the `PARSE-FAILS` option for logins, because this option is reserved for queries. The `LOGINS-ONLY` level is the lowest level of the audit log, i.e. every other audit level is inclusive of the login information. For more information, see the [Log Entry Schema for LOGINS-ONLY Level](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-log-file-format.md) section.

## ADMIN-ONLY and ADMIN-ONLY-INCLUDING-PARSE-FAILS

The `ADMIN-ONLY` level is inclusive of the `LOGINS-ONLY` level logs, and it also logs DDL operations such as `CREATE`, `DROP`, and `ALTER`. Additionally, if a query contains passwords (such as `SET PASSWORD`), the password’s value will be omitted from the log.

The `ADMIN-ONLY-INCLUDING-PARSE-FAILS` level is inclusive of `ADMIN-ONLY` but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

## WRITES-ONLY and WRITES-ONLY-INCLUDING-PARSE-FAILS

The `WRITES-ONLY` level is inclusive of `ADMIN-ONLY` but also logs DML operations such as `INSERT`, `DELETE`, and `UPDATE`, with one exception: `SELECT` queries are not logged.

The `WRITES-ONLY-INCLUDING-PARSE-FAILS` level is inclusive of `WRITES-ONLY` but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

## ALL-QUERIES and ALL-QUERIES-INCLUDING-PARSE-FAILS

The `ALL-QUERIES` level is inclusive of `WRITES-ONLY` but also logs read operations such as `SELECT` statements.

The `ALL-QUERIES-INCLUDING-PARSE-FAILS` level is inclusive of `ALL-QUERIES` but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

## ALL-QUERIES-PLAINTEXT and ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS

The `ALL-QUERIES-PLAINTEXT` level is inclusive of `ALL-QUERIES` but also logs the entire literal query, not just the parameterized version without literal strings and numbers.

The `ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS` level is inclusive of `ALL-QUERIES-PLAINTEXT` but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

## ALL-RESULTS and ALL-RESULTS-INCLUDING-PARSE-FAILS

The `ALL-RESULTS` level is inclusive of `ALL-QUERIES-PLAINTEXT` but also logs the database’s responses. This is the most verbose logging level available, and accordingly it produces a large number of log entries.

When this level is selected, the entry ID for a query is shared with the results entries. For more information, see [Schema for ALL-RESULTS Database Responses](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-log-file-format.md).

The `ALL-RESULTS-INCLUDING-PARSE-FAILS` level is inclusive of `ALL-RESULTS` but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.
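The inclusion chain described in the sections above can be checked mechanically when reviewing a node's configuration. The following is an added example, not SingleStore code: it reads `auditlog_level` from the text of a **memsql.cnf** file and lists what that level records and which parts of the log can hold unobfuscated data. The function names, the sample config (including its `[server]` header and `port` line), and the `#`/`;` comment handling are assumptions.

```python
# Added example: function and variable names here are illustrative.
CHAIN = ["LOGINS-ONLY", "ADMIN-ONLY", "WRITES-ONLY", "ALL-QUERIES",
         "ALL-QUERIES-PLAINTEXT", "ALL-RESULTS"]  # each includes the ones before it
ADDS = {"LOGINS-ONLY": "successful and failed logins",
        "ADMIN-ONLY": "DDL (CREATE, DROP, ALTER)",
        "WRITES-ONLY": "DML writes (INSERT, DELETE, UPDATE)",
        "ALL-QUERIES": "reads (SELECT)",
        "ALL-QUERIES-PLAINTEXT": "entire literal query text",
        "ALL-RESULTS": "database responses"}
SUFFIX = "-INCLUDING-PARSE-FAILS"

# Constructed sample config; the [server] header and port line are assumptions.
SAMPLE_CNF = """[server]
port = 3306
auditlog_level = ALL-QUERIES-INCLUDING-PARSE-FAILS
"""

def audit_level_from_cnf(text):
    """Return the configured auditlog_level, or OFF (the default) if unset."""
    level = "OFF"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # skip blanks, comments, section headers, bare flags
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "auditlog_level":
            level = value.strip("'\"").upper()  # assumption: last assignment wins
    return level

def describe_level(level):
    """List what a level records and which parts can hold unobfuscated data."""
    if level == "OFF":
        return {"captures": [], "risks": []}
    base = level[:-len(SUFFIX)] if level.endswith(SUFFIX) else level
    parse_fails = base != level
    if base not in CHAIN or (parse_fails and base == "LOGINS-ONLY"):
        raise ValueError(f"unknown auditlog_level: {level!r}")
    idx = CHAIN.index(base)
    captures = [ADDS[name] for name in CHAIN[:idx + 1]]
    risks = []
    if parse_fails:
        captures.append("invalid statements that fail to parse")
        risks.append("unparsed statement text is logged verbatim")
    if idx >= CHAIN.index("ALL-QUERIES-PLAINTEXT"):
        risks.append("literal query text is logged")
    if idx >= CHAIN.index("ALL-RESULTS"):
        risks.append("database responses are logged")
    return {"captures": captures, "risks": risks}

if __name__ == "__main__":
    level = audit_level_from_cnf(SAMPLE_CNF)
    print(level, describe_level(level))
```

A non-empty `risks` list marks a level where the log location and any downstream log processing need the extra protection the warning above calls for.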

***

Modified at: August 6, 2025

Source: [/db/v9.1/security/audit-logging/audit-logging-levels/](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-logging-levels/)

