# Configure Audit Logging > **📝 Note**: Audit logging features are only available in the SingleStore Enterprise edition. To enable audit logging, set `auditlog_level` to a value other than `OFF`. See [Audit Logging Levels](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-logging-levels.md) for more information. You can configure audit logging using the following variables: | Setting Name | Value | | --------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | `auditlog_disk_sync` | Specifies whether every audit log record is synchronously written and persisted to the disk. By default, this value is set to`OFF`and audit log disk syncs are delayed. | | `auditlog_level` | Specifies the audit logging level. By default, this value is set to`OFF`. Ten other levels are available — see[Audit Logging Levels](https://docs.singlestore.com/db/v9.1/security/audit-logging/audit-logging-levels.md)for more information. | | `auditlog_retention_period` | Indicates the retention period (in days) for audit log files. Setting this to`0`(the default) means that log files will be kept on the server indefinitely. | | `auditlog_root_only` | Log queries only for the root user.When set to`TRUE`, audit logging for every other user will be set to`FALSE`, and the changes to`auditlog_level`will only apply to the root user. | | `auditlog_rotation_size` | Specifies the maximum size per log file in bytes. By default, this value is set to 128MB, or`134217728`bytes. | | `auditlog_rotation_time` | Specifies the maximum time duration to write to a single log file in seconds. The log rotation check happens whenSingleStorewrites audit entries to the log. Therefore, in some rare cases (and especially on leaf nodes) where there are not a lot of entries written to the log, it is possible that the log is not rotated for greater periods of time than configured in`auditlog_rotation_time`. By default, this value is set to 1 hour, or`3600`seconds. | | `auditlogsdir` | Specifies the local or network directory to write log files. By default, this value is set to the`auditlogs`directory in your node’sSingleStoredirectory. For example:`/var/lib/memsql/-/auditlogs` | ## How to Enable and Configure Audit Logging You may enable and configure audit logging using the following two methods. With each method, you can set the variables that are described in the previous section. Note that you can only set these variables to take effect when a node starts, as opposed to taking effect while a node is running. Toolbox preserves the node's base directory (or “basedir”) during an upgrade. By default, Toolbox sets the `auditlogsdir` relative to the node’s base directory, and the value for `auditlogsdir` to `auditlogs`. For the tarball-based deployments, a node’s default base directory is `~/memsql/nodes/`, however, the base directory can be anywhere on the filesystem. When changing the value of `auditlogsdir`, SingleStore suggests using either: * A relative path * An absolute path outside of the `memsql` directory (i.e., outside of `/var/lib/memsql`). For example, `/var/log/memsql` or `/var/log/singlestore` are suitable provided that the `memsql:memsql` permissions are also set on this directory. ## Method 1: Use SingleStore Tools (Preferred Method) 1. Update the audit logging configuration variables using the [sdb-admin update-config](https://docs.singlestore.com/db/v9.1/reference/singlestore-tools-reference/sdb-admin-commands/update-config.md) command. Use the `--all` flag to update the variable settings on all nodes. For example, execute the following commands: ```shell sdb-admin update-config --all --key "auditlog_level" --value "ADMIN-ONLY" ``` ```shell sdb-admin update-config --all --key "auditlog_disk_sync" --value "OFF" ``` ```shell sdb-admin update-config --all --key "auditlog_rotation_size" --value "134217728" ``` ```shell sdb-admin update-config --all --key "auditlog_rotation_time" --value "3600" ``` ```shell sdb-admin update-config --all --key "auditlogsdir" --value "" ``` For `sdb-admin update-config --all --key "auditlogsdir" --value ""`: * To set the `auditlogsdir` value to `auditlogs`: ```shell sdb-admin update-config --all --key "auditlogsdir" --value "auditlogs" ``` * To set the `auditlogsdir` value within `/var/lib/memsql`: ```shell sdb-admin update-config --all --key "auditlogsdir" --value "/var/lib/memsql/master-3306-1/auditlogs" ``` * To set the `auditlogsdir` value outside of `/var/lib/memsql:` ```shell sdb-admin update-config --all --key "auditlogsdir" --value "/var/log/singlestore" ``` 2. Restart the nodes. ```shell sdb-admin restart-node --all ``` 3. Ensure that SingleStore starts successfully. Once started, validate that your settings have been loaded successfully by executing the following SQL command in a SQL client. ```sql SHOW GLOBAL VARIABLES LIKE 'audit%'; ``` ```output +---------------------------+-----------------------------------------+ | Variable_name | Value | +---------------------------+-----------------------------------------+ | auditlog_disk_sync | OFF | | auditlog_level | ADMIN-ONLY | | auditlog_retention_period | 0 | | auditlog_rotation_size | 134217728 | | auditlog_rotation_time | 3600 | | auditlogsdir | /var/lib/memsql/master-3306-1/auditlogs | +---------------------------+-----------------------------------------+ ``` Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled. ## Method 2: Modify the `memsql.cnf` File > **📝 Note**: Always ensure that each node in your cluster has been stopped before making audit logging configuration changes in the `memsql.cnf` file. 1. Open a new console window with access to the node you want to configure. 2. Stop any SingleStore processes on the node. ```shell sdb-admin stop-node --all ``` 3. Audit logging variables are set in the `memsql.cnf` file in each node’s SingleStore path. By default, the path for a typical Master Aggregator node is: * For RPM and Debian deployments: `/var/lib/memsql/` * For tarball-based deployments: `~/memsql/nodes/` After a node has been stopped, navigate to the `memsql.cnf` path for the node and open the file with a text editor. Add the four required audit logging variables. For example, consider the following sample configuration: ``` max-pooled-connections = 100 max-connection-threads = 256 default-partitions-per-leaf = 8 max_subselect_aggregator_rowcount = 0 allow_user_functions auditlog_level = ADMIN-ONLY auditlog_disk_sync = OFF auditlog_rotation_size = 134217728 auditlog_rotation_time = 3600 auditlogsdir = ``` For `auditlogsdir = `: * To set the `auditlogsdir` value to `auditlogs`: ```shell auditlogsdir = auditlogs ``` * To set the `auditlogsdir` value within `/var/lib/memsql`: ```shell auditlogsdir = /var/lib/memsql/master-3306-1/auditlogs ``` * To set the `auditlogsdir` value outside of `/var/lib/memsql`: ```shell auditlogsdir = /var/log/singlestore ``` 4. When your configuration is complete, save the `memsql.cnf` file and exit the text editor. > **⚠️ Warning**: Repeat the configuration update process for each node in your cluster before continuing. 5. Start the node. ```shell sdb-admin start-node --all ``` 6. Ensure that SingleStore starts successfully. Once started, validate that your settings have been loaded successfully by executing the following SQL command in a SQL client. ```sql SHOW GLOBAL VARIABLES LIKE 'audit%'; ``` ```output +---------------------------+-----------------------------------------+ | Variable_name | Value | +---------------------------+-----------------------------------------+ | auditlog_disk_sync | OFF | | auditlog_level | ADMIN-ONLY | | auditlog_retention_period | 0 | | auditlog_rotation_size | 134217728 | | auditlog_rotation_time | 3600 | | auditlogsdir | /var/lib/memsql/master-3306-1/auditlogs | +---------------------------+-----------------------------------------+ ``` Once each node in your cluster has been updated with the new configuration changes, audit logging has been successfully configured and enabled. ## Disabling Audit Logging When the `auditlog_level` is set to `OFF` (from previously being enabled), the following message is printed in the tracelog: ``` 04162153 2020-08-11 19:16:03.489 INFO: Audit Logging disabled (auditlog_level set to OFF). ``` *** Modified at: June 24, 2025 Source: [/db/v9.1/security/audit-logging/configuring-audit-logging/](https://docs.singlestore.com/db/v9.1/security/audit-logging/configuring-audit-logging/) (An index of the documentation is available at /llms.txt)