Logs

IONOS DBaaS stores the generated logs on the same disk as the database. Log files are rotated according to their size to conserve the disk space. Log messages are subject to a 30-day retention policy and are regularly checked to ensure they do not consume up to 175 MB of disk space.

Logs are generated for the following:

  • Connections established during a session creation

  • Disconnections when the session terminates

  • Lock wait time

  • DDL statements

  • Statements that run for at least 500 ms

  • Statements that result in an error

For more information, refer to the MariaDB Documentation.

Note: Currently, IONOS does not allow updating the log generation configuration.

Binary logs

MariaDB uses binary logs for continuous archiving and replication.

The binary logs record every change to the database. MariaDB deletes older log files automatically with the expire_logs_days in a typical operation mode. It means that binary log files, regular database log files such as audit logs, error logs, and client logs are deleted. For more information, refer to the MariaDB Documentation.

Password hashing

Ensure that the client library is up-to-date and supports the mysql_native_password authentication. For more information, refer to the MariaDB Documentation. The following links on the MariaDB website can help you with:

Connection encryption

All client connections are encrypted using TLS. To secure communications with the MariaDB Server using TLS, you need a private key and an X509 certificate for the server. Server certificates are issued by Let's Encrypt. For more information about certificates, refer to the MariaDB Documentation.

Certificates are issued for the DNS name of the cluster which is assigned automatically during creation and will look similar to ma-98tcp98ofe.qa.mariadb.fr-par.ionos.com. It is available via the IONOS API as the dnsName property of the cluster resource.

Here is how to verify the certificate using MariaDB with ssl option:

curl https://crt.sh/?d=9314791 > ca.crt
mariadb ${args} --ssl-ca=$(pwd)/ca.crt [--ssl-verify-server-cert]

Last updated