# Database Audit Logging > Database audit logging has two layers: infrastructure (provider-managed) and workflow (database activity). What each captures and why compliance requires both. Source: https://www.bytebase.com/database-audit-logging/ --- ## Every action logged. Every change attributable. Database audit logging is two systems, not one. Cloud providers cover the infrastructure layer. The workflow layer — schema changes, queries, approvals, exports — is yours to build. ## Two layers. One trail. ### Infrastructure layer Provisioning, configuration, backups, network. Captured by CloudTrail, Cloud Audit Logs, Azure Monitor. Records are well-formatted, centrally retained, and tied to a cloud principal. ### Workflow layer Schema changes, queries, approvals, exports. Engine-native auditing covers parts of this — pgaudit, MySQL audit plugins, SQL Server Audit, Oracle Unified Auditing. Three gaps remain regardless: identity, context, coverage. ## Read in order. ### Database Audit Logging: Two Layers, One Trail The hub. What each layer captures and why compliance requires both. /blog/database-audit-logging ### How Bytebase Handles Audit Logging The three gaps Bytebase closes, the record format, masking metadata, export paths. /blog/bytebase-audit-logging ### SOC 2 Audit Log Requirements: Lessons From Our Own Audit Four mandatory fields. Six categories of admin activity. /blog/soc2-audit-logging ## Every engine. One workflow layer. ### PostgreSQL Native logging, triggers, logical replication, pgaudit. /blog/postgres-audit-logging ### MySQL General log, audit plugins, binlog CDC. Coming. ### SQL Server Server and database audit specifications. Coming. ### Oracle Unified Auditing, UNIFIED_AUDIT_TRAIL. Coming. ### Cloud-managed RDS, Cloud SQL, Azure Database — provider-wrapped engine logs. Coming. ## Every framework. Same evidence. ### SOC 2 Four mandatory fields. Six categories of admin activity. /blog/soc2-audit-logging ### HIPAA § 164.312(b) audit controls. SELECT visibility on PHI. Coming. ### PCI DSS Requirement 10. One year retained, three months online. Coming. ### ISO 27001 Annex A 8.15 — activities, exceptions, security events. Coming. ### GDPR Article 30 records of processing. Reads, exports, modifications. Coming. ## Get Started - [Contact us](https://www.bytebase.com/contact-us/) - [Start now (cloud)](https://console.bytebase.com)