# Logs

IONOS Cloud DBaaS stores the generated logs on the same disk as the database. Log files are rotated according to their size to conserve disk space. Log messages are subject to a 7-day retention policy.

Logs are generated for the following:

* Connections established during session creation
* Disconnections when the session terminates
* Statements that run for at least 5 seconds
* Statements that result in an error

For more information, refer to the [<mark style="color:blue;">MariaDB Documentation</mark>](https://mariadb.com/kb/en/overview-of-mariadb-logs/).

{% hint style="info" %}
**Note:** Currently, IONOS Cloud does not allow updating the log generation configuration.
{% endhint %}

## Binary logs

MariaDB uses [<mark style="color:blue;">binary logs</mark>](https://mariadb.com/kb/en/overview-of-the-binary-log/) for continuous archiving and replication.

The binary logs record every change to the database. In a typical operation mode, MariaDB deletes older log files automatically based on the `expire_logs_days` setting. This means that binary log files and regular database log files, such as audit logs, error logs, and client logs, are deleted. For more information, refer to the [<mark style="color:blue;">MariaDB Documentation</mark>](https://mariadb.com/kb/en/using-and-maintaining-the-binary-log/).

## Password hashing

Ensure that the client library is up-to-date and supports the `mysql_native_password` authentication. For more information, refer to the [<mark style="color:blue;">MariaDB Documentation</mark>](https://mariadb.com/kb/en/password/). The following links on the MariaDB website can help you with:

* [<mark style="color:blue;">Setting passwords</mark>](https://mariadb.com/kb/en/password/)
* [<mark style="color:blue;">Authentication</mark>](https://mariadb.com/kb/en/authentication-plugin-ed25519/)

For more information about resetting the database password, see [<mark style="color:blue;">Reset your Database Password</mark>](https://docs.ionos.com/sections-test/guides/databases/mariadb/troubleshooting/reset-db-password).

## Connection encryption

All client connections are encrypted using TLS. To secure communications with the MariaDB Server using TLS, you need a private key and an X.509 certificate for the server. Server certificates are issued by Let's Encrypt. For more information about certificates, refer to the [<mark style="color:blue;">MariaDB Documentation</mark>](https://mariadb.com/kb/en/secure-connections-overview/).

Certificates are issued for the DNS name of the cluster, which is assigned automatically during creation and looks similar to `ma-98tcp98ofe.qa.mariadb.fr-par.ionos.com`. It is available via the IONOS API as the `dnsName` property of the `cluster` resource.

To verify the server certificate, pass the `ssl` options to the MariaDB client:

```bash
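# Download the CA certificate; the URL is quoted so that the shell does not expand "?"
curl 'https://crt.sh/?d=9314791' > ca.crt
# ${args} are your usual connection options; --ssl-verify-server-cert is optional
mariadb ${args} --ssl-ca="$(pwd)/ca.crt" --ssl-verify-server-cert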
```
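
A verifying TLS client accepts a server certificate only if it chains to the CA file and is valid for the host name being connected to. The following script is an added example, not part of the original page: it reproduces both checks with `openssl` on a throwaway CA and server certificate. The host names, paths, and function names are assumptions constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: chain and host name checks on a server certificate with openssl.
# Every name, path and certificate here is constructed for the demonstration.

# verify_server_cert CA_FILE CERT_FILE HOSTNAME
# Succeeds only if CERT_FILE chains to CA_FILE and is valid for HOSTNAME.
verify_server_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# make_constructed_pki DIR HOSTNAME
# Writes a throwaway CA (ca.crt) and a server certificate (server.crt) with
# HOSTNAME as subjectAltName; these stand in for the real CA and cluster cert.
make_constructed_pki() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\n' "$2" > "$1/san.ext"
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -extfile "$1/san.ext" \
        -out "$1/server.crt" 2>/dev/null
}

# report LABEL CA_FILE CERT_FILE HOSTNAME: print the verdict for one case.
report() {
    if verify_server_cert "$2" "$3" "$4"; then
        echo "$1: accepted"
    else
        echo "$1: rejected"
    fi
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/good" "$work/other"
    make_constructed_pki "$work/good" "db.example.test" || return 1
    make_constructed_pki "$work/other" "db.example.test" || return 1
    report "trusted CA, matching name" \
        "$work/good/ca.crt" "$work/good/server.crt" "db.example.test"
    report "trusted CA, wrong name" \
        "$work/good/ca.crt" "$work/good/server.crt" "other.example.test"
    report "certificate from a different CA" \
        "$work/good/ca.crt" "$work/other/server.crt" "db.example.test"
    rm -rf "$work"
}

demo
```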
