Cyral allows users fine grained control over what types of logs are generated by the Cyral service. This is configured on a repository by repository basis.
To configure the log types generated for a repository, select the desired repository from the "Repositories" screen and make your desired adjustments to log volume settings:
- Log everything specifies that Cyral will log all types of events including audit logs, queries that read data, data manipulation (DML) actions, DDLs, database transactions, policy violations, analyzer errors, and privileged actions.
- Audit logging specifies that Cyral will log all DML actions, policy violations, queries on sensitive data, data definition actions (DDLs), and privileged activity.
- Log all DMLs specifies that Cyral will log all data manipulation actions, such inserting or updating data.
- Log all DDLs specifies that Cyral will log all data definition actions, such creating or dropping tables or collections.
- Log privileged activity specifies that Cyral will log all data repository administration actions, such as creating or dropping users from a database.
- Log sensitive queries specifies that Cyral will log only DML and DDL actions that involve sensitive tables, collections, columns, or fields. If you use Cyral policies, actions that violate your Cyral policies are also logged.
- Log policy violations specifies that Cyral will log only actions that violate your Cyral policies.
- Log port scans specifies that Cyral will log any suspected attempt to find open database ports on the repository.
- Log authentication failures specifies that Cyral will log each time a user’s authentication attempt fails.
- Block on violations specifies that, for a given session, Cyral will block any attempted action that would violate your policy. After an action is blocked, the user’s session continues normally.
- Rewrite on violations specifies that, instead of blocking a request that violates a policy, Cyral will rewrite the request so that it enforces conditions not present in the user's original query or action.
- Alert on policy violation specifies that, when an action violates a Cyral policy, an alert is sent via your configured messaging platform. This requires a Cyral policy. If you have no policies, use preconfigured alerts, instead.
- Enable preconfigured alerts specifies that Cyral will use its automatic preconfigured alerts mechanism. These alerts don't rely on Cyral policies. Instead, they're triggered by common DDL, and other significant actions on your data repository, such as; creating, modifying or deleting an object; creating user account or role; modifying a user account, authentication mechanism, object, or role; granting/revoking user or role privileges; modifying database-native audit and logging settings or configuration; running a privileged command; or running a full table scan.
- Perform filter analysis specifies that, when a database query performs a filter on requested data (usually using a WHERE clause) Cyral will capture the filter being applied and emit this information in the query log, where it can be consumed by the Cyral policy evaluator, dashboards, and your team.
- Redact literal values specifies that Cyral will not log data that might reveal the contents of your database. For example, a log entry for a statement with a WHERE clause will not show the values being matched in the WHERE clause.