Skip to content

DOC-15312: For cloud, update that SQL Audit Logging goes to SENSITIVE_ACCESS channel and can be exported #20974

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
florence-crl merged 8 commits into from
Dec 8, 2025
Merged

DOC-15312: For cloud, update that SQL Audit Logging goes to SENSITIVE_ACCESS channel and can be exported #20974

florence-crl merged 8 commits into from
Dec 8, 2025

Conversation

@florence-crl
Copy link
Contributor

@florence-crl florence-crl commented Nov 4, 2025
edited
Loading

Fixes DOC-15312

In cockroachcloud/sql-audit-logging.md, updated with SENSITIVE_ACCESS logging channel and links to export-logs.md and export-logs-advanced.md.

Rendered preview

@florence-crl
In cockroachcloud/sql-audit-logging.md, updated with SENSITIVE_ACCESS…
7bef819 
… logging channel and links to export-logs.md and export-logs-advanced.md.
@netlify
Copy link

netlify bot commented Nov 4, 2025
edited
Loading

Deploy Preview for cockroachdb-interactivetutorials-docs canceled.

Name Link
🔨 Latest commit e03cd4a
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-interactivetutorials-docs/deploys/6937031e82deb40008e500d5

@netlify
Copy link

netlify bot commented Nov 4, 2025
edited
Loading

Deploy Preview for cockroachdb-api-docs canceled.

Name Link
🔨 Latest commit e03cd4a
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-api-docs/deploys/6937031e82deb40008e500d7

@github-actions
Copy link

github-actions bot commented Nov 4, 2025

Files changed:

@netlify
Copy link

netlify bot commented Nov 4, 2025

Netlify Preview

Name Link
🔨 Latest commit 7bef819
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/690a512ed5a1fd000897dfb1
😎 Deploy Preview https://deploy-preview-20974--cockroachdb-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

@netlify
Copy link

netlify bot commented Nov 4, 2025
edited
Loading

Netlify Preview

Name Link
🔨 Latest commit e03cd4a
🔍 Latest deploy log https://app.netlify.com/projects/cockroachdb-docs/deploys/6937031e1467c9000860a4be
😎 Deploy Preview https://deploy-preview-20974--cockroachdb-docs.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify project configuration.

kevin-v-ngo
kevin-v-ngo approved these changes Nov 25, 2025
View reviewed changes
Copy link

@kevin-v-ngo kevin-v-ngo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice!

jhlodin
jhlodin reviewed Dec 1, 2025
View reviewed changes
src/current/cockroachcloud/sql-audit-logging.md Outdated
SQL audit logging gives you detailed information about queries being executed against a table in your cluster. This feature is especially useful when you want to log all queries that are run against a table that contains cardholder data, private health information (PHI), or other personally-identifiable information (PII).

After you enable SQL audit logging for a table, [contact Support](https://support.cockroachlabs.com/hc/) to request the audit logs.
After you enable SQL audit logging for a table, audit logs are sent to the [`SENSITIVE_ACCESS` logging channel]({% link {{site.current_cloud_version}}/logging-use-cases.md %}#sensitive_access). You can then export these logs depending on your deployment. For more information, refer to [Export Logs From a CockroachDB Standard Cluster]({% link cockroachcloud/export-logs.md %}) or [Export Logs From a CockroachDB Advanced Cluster]({% link cockroachcloud/export-logs-advanced.md %}).
Copy link
Contributor

@jhlodin jhlodin Dec 1, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What does "depending on your deployment" mean in this context? Should be more specific.

florence-crl
florence-crl commented Dec 1, 2025
View reviewed changes
Copy link
Contributor Author

@florence-crl florence-crl left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhlodin please review my updates.

@florence-crl florence-crl requested a review from jhlodin December 1, 2025 21:38
jhlodin
jhlodin reviewed Dec 2, 2025
View reviewed changes
src/current/cockroachcloud/sql-audit-logging.md Outdated
SQL audit logging gives you detailed information about queries being executed against a table in your cluster. This feature is especially useful when you want to log all queries that are run against a table that contains cardholder data, private health information (PHI), or other personally-identifiable information (PII).

After you enable SQL audit logging for a table, [contact Support](https://support.cockroachlabs.com/hc/) to request the audit logs.
After you enable SQL audit logging for a table, audit logs are sent to the [`SENSITIVE_ACCESS` logging channel]({% link {{site.current_cloud_version}}/logging-use-cases.md %}#sensitive_access). You can then export these logs depending on whether your deployment uses CockroachDB {{ site.data.products.standard }} or {{ site.data.products.advanced }}. For details, refer to [Export Logs From a CockroachDB {{ site.data.products.standard }} Cluster]({% link cockroachcloud/export-logs.md %}) or [Export Logs From a CockroachDB {{ site.data.products.advanced }} Cluster]({% link cockroachcloud/export-logs-advanced.md %}).
Copy link
Contributor

@jhlodin jhlodin Dec 2, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"depending on whether" is still unclear about what deployments can do this. It reads like you need Standard or Advanced to do this, so it would be much clearer to say "You can export these logs if your deployment uses CockroachDB Standard or Advanced".

Copy link
Contributor Author

@florence-crl florence-crl Dec 3, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@jhlodin Ah, ok. Updated with your suggestion. Much clearer. Please review again.

@florence-crl florence-crl requested a review from jhlodin December 3, 2025 20:05
jhlodin
jhlodin approved these changes Dec 4, 2025
View reviewed changes
Copy link
Contributor

@jhlodin jhlodin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@florence-crl florence-crl merged commit 7dda910 into main Dec 8, 2025
5 checks passed
@florence-crl florence-crl deleted the DOC-15312 branch December 8, 2025 17:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jhlodin jhlodin jhlodin approved these changes

@kevin-v-ngo kevin-v-ngo kevin-v-ngo approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@florence-crl @jhlodin @kevin-v-ngo