Sign inTry Free

Audit Logging Levels

On this page

There are 11 logging levels that are organized into the following categories, each with increasing levels of verbosity:

  • Log only valid statements and queries:

    • LOGINS-ONLY

    • ADMIN-ONLY

    • WRITES-ONLY

    • ALL-QUERIES

    • ALL-QUERIES-PLAINTEXT

    • ALL-RESULTS

  • Log valid and invalid statements and queries:

    • ADMIN-ONLY-INCLUDING-PARSE-FAILS (default)

    • WRITES-ONLY-INCLUDING-PARSE-FAILS

    • ALL-QUERIES-INCLUDING-PARSE-FAILS

    • ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS

    • ALL-RESULTS-INCLUDING-PARSE-FAILS

A valid statement or query is one that can be successfully parsed by SingleStore. Invalid statements or queries include those with misspellings or improper syntax.

Caution

User credentials and PII information contained in all valid statements and queries is obfuscated in audit logs. When invalid statements cannot be parsed, the literal query text is included in the log entry. This text may contain sensitive information. For example, if a user attempts to connect to the database with an invalid statement that contains their username and password, these values will be logged in plain text.

You can optionally filter logs for the root user only and exclude the audit of information schema queries. To change the current audit logging level contact SingleStore Support.

LOGINS-ONLY

The LOGINS-ONLY level logs the successful and failed login attempts into the database. These login activities coexist with audit data from existing levels, but the information about logins follows a different format than database activities. The LOGINS-ONLY level does not include the PARSE-FAILS option for logins, because this option is reserved for queries. The LOGINS-ONLY level is the lowest level of the audit log, i.e. every other audit level is inclusive of the login information.

ADMIN-ONLY and ADMIN-ONLY-INCLUDING-PARSE-FAILS

The ADMIN-ONLY level is inclusive of the LOGINS-ONLY level logs, and it also logs DDL operations such as CREATE, DROP, ALTER, etc. Additionally, if a query contains passwords (such as SET PASSWORD), the password’s value will be omitted from the log.

The ADMIN-ONLY-INCLUDING-PARSE-FAILS level is inclusive of ADMIN-ONLY but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

WRITES-ONLY and WRITES-ONLY-INCLUDING-PARSE-FAILS

The WRITES-ONLY level is inclusive of ADMIN-ONLY but also logs DML operations such as INSERT, DELETE, UPDATE, with one exception: SELECT queries are not logged.

The WRITES-ONLY-INCLUDING-PARSE-FAILS level is inclusive of WRITES-ONLY but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

ALL-QUERIES and ALL-QUERIES-INCLUDING-PARSE-FAILS

The ALL-QUERIES level is inclusive of WRITES-ONLY but also logs read operations such as SELECT statements.

The ALL-QUERIES-INCLUDING-PARSE-FAILS level is inclusive of ALL-QUERIES but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

ALL-QUERIES-PLAINTEXT and ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS

The ALL-QUERIES-PLAINTEXT level is inclusive of ALL-QUERIES but also logs the entire literal query, not just the parameterized version without literal strings and numbers.

The ALL-QUERIES-PLAINTEXT-INCLUDING-PARSE-FAILS level is inclusive of ALL-QUERIES-PLAINTEXT but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

ALL-RESULTS and ALL-RESULTS-INCLUDING-PARSE-FAILS

The ALL-RESULTS level is inclusive of ALL-QUERIES-PLAINTEXT but also logs the database’s responses. This is the most verbose logging level available, and accordingly it produces a large number of log entries.

When this level is selected, the entry ID for a query is shared with the results entries.

The ALL-RESULTS-INCLUDING-PARSE-FAILS level is inclusive of ALL-RESULTS but also logs invalid statements that fail to parse. These invalid statements may include sensitive information that would normally be obfuscated in a log entry.

Last modified: March 18, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK