Logging additional data as comments on a query

Cyral offers an Enhance database logs option in the Advanced settings of each repository. When you use the UI toggle to activate this feature for a repository, Cyral inserts the database user's identifying information (the same as the contents of the identity block of the Cyral query logs) as a comment in each query so that it appears in your native database logs.

Optionally, you can add the contents of other Cyral logging blocks to each comment. The available blocks are identity, repo, client, and sidecar

To set this up, run an API call like the following on the repos/<repoID>/conf/analysis API endpoint of the Cyral API, setting the commentAnnotationGroups value to an array listing the blocks to be included in each query comment.

In this example:

  • Set the commentAnnotationGroups value to an array that includes one or more of: identity, client, repo, and/or sidecar
  • Replace <my-cyral-cp> with the address of your Cyral control plane
  • Replace <repo-id> with the ID number of your repository
  • Set all other values as desired for your repository; values shown here are examples only.
curl -H "Content-Type: application/json" -H "Authorization: Bearer $CYRAL_API_TOKEN" https://<my-cyral-cp>:8000/v1/repos/<repo-id>/conf/analysis -d '{"redact":"all", "tagSensitiveData":false, "ignoreIdentifierCase":false, "analyzeWhereClause":false, "alertOnViolation":true, "disablePreConfiguredAlerts":false, "blockOnViolation":false, "disableFilterAnalysis":false, "rewriteOnViolation":false, "logGroups":["everything"], "commentAnnotationGroups": ["identity", "client", "repo", "sidecar"]}'

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.