cloud: update Premium audit logging#22784

Open
qqqdan wants to merge 6 commits into release-8.5 from Premium-audit-log-page-change

qqqdan (Contributor) commented Apr 20, 2026

First-time contributors' checklist

What is changed, added or deleted? (Required)

Which TiDB version(s) do your changes apply to? (Required)

Tips for choosing the affected version(s):

By default, CHOOSE MASTER ONLY so your changes will be applied to the next TiDB major or minor releases. If your PR involves a product feature behavior change or a compatibility change, CHOOSE THE AFFECTED RELEASE BRANCH(ES) AND MASTER.

For details, see tips for choosing the affected versions.

  • master (the latest development version)
  • v9.0 (TiDB 9.0 versions)
  • v8.5 (TiDB 8.5 versions)
  • v8.1 (TiDB 8.1 versions)
  • v7.5 (TiDB 7.5 versions)
  • v7.1 (TiDB 7.1 versions)
  • v6.5 (TiDB 6.5 versions)
  • v6.1 (TiDB 6.1 versions)
  • v5.4 (TiDB 5.4 versions)

What is the related PR or file link(s)?

  • This PR is translated from:
  • Other reference link(s):

Do your changes match any of the following descriptions?

  • Delete files
  • Change aliases
  • Need modification after applied to another branch
  • Might cause conflicts after applied to another branch

qqqdan requested a review from wildpcww April 20, 2026 18:32
ti-chi-bot (bot) added labels Apr 20, 2026: missing-translation-status (This PR does not have translation status info.), size/L (Denotes a PR that changes 100-499 lines, ignoring generated files.)

gemini-code-assist (bot, Contributor) left a comment

Code Review

This pull request updates the audit logging documentation for TiDB Cloud Premium by restructuring field descriptions into categorized tables and adding several new fields, including ROLES, KEYSPACE_NAME, and serverless-specific identifiers. It also introduces a note on real client IP visibility for AWS PrivateLink and a section on logging limitations. Review feedback addressed the use of an incorrect variable, grammatical errors, and missing backticks for technical terms like DISCONNECT and TIME.

4 comment threads on tidb-cloud/premium/tidb-cloud-auditing-premium.md (Outdated)
qqqdan and others added 4 commits April 21, 2026 19:20
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>
Co-authored-by: gemini-code-assist[bot] <176961590+gemini-code-assist[bot]@users.noreply.github.com>

ti-chi-bot (bot) commented Apr 22, 2026

@ginkgoch: adding LGTM is restricted to approvers and reviewers in OWNERS files.

Details

In response to this:

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

Oreoxmt self-assigned this Apr 22, 2026
Oreoxmt added the area/tidb-cloud, for-cloud-release and translation/no-need labels Apr 22, 2026
ti-chi-bot (bot) removed the missing-translation-status label Apr 22, 2026

Oreoxmt (Collaborator) commented Apr 22, 2026

/cc @Oreoxmt

ti-chi-bot (bot) requested a review from Oreoxmt April 22, 2026 02:25
Oreoxmt changed the title from "Update tidb-cloud-auditing-premium.md" to "cloud: update Premium audit logging" Apr 24, 2026

ti-chi-bot (bot) commented Apr 24, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please ask for approval from oreoxmt. For more information see the Code Review Process.
Please ensure that each of them provides their approval before proceeding.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

Comment on lines +246 to +253
| `ID` | The unique identifier that identifies the audit record of an operation. |
| `EVENT` | The event classes of the audit record. Multiple event types are separated by commas (`,`). |
| `USER` | The username of the audit record. |
| `ROLES` | The roles of the user at the time of the operation. |
| `CONNECTION_ID` | The identifier of the user's connection. |
| `TABLES` | The accessed tables related to this audit record. |
| `STATUS_CODE` | The status code of the audit record. `1` means success, and `0` means failure. |
| `REASON` | The error message of the audit record. Only recorded when an error occurs during the operation.|

Suggested change
| `ID` | The unique identifier that identifies the audit record of an operation. |
| `EVENT` | The event classes of the audit record. Multiple event types are separated by commas (`,`). |
| `USER` | The username of the audit record. |
| `ROLES` | The roles of the user at the time of the operation. |
| `CONNECTION_ID` | The identifier of the user's connection. |
| `TABLES` | The accessed tables related to this audit record. |
| `STATUS_CODE` | The status code of the audit record. `1` means success, and `0` means failure. |
| `REASON` | The error message of the audit record. Only recorded when an error occurs during the operation.|
| `ID` | The unique identifier of the audit record. |
| `EVENT` | The event classes of the audit record. Multiple event classes are separated by commas (`,`). |
| `USER` | The name of the user who performed the operation. |
| `ROLES` | The roles assigned to the user at the time of the operation. |
| `CONNECTION_ID` | The identifier of the user's connection. |
| `TABLES` | The tables accessed during the operation. |
| `STATUS_CODE` | The status code of the operation. `1` indicates success, and `0` indicates failure. |
| `REASON` | The error message of the operation. Recorded only when an error occurs. |
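
Review bot: The `ROLES` and `TABLES` rows do not say how multiple values are delimited, although the `EVENT` row in the same table states that multiple event classes are separated by commas. Anyone parsing these records needs the same detail for the two plural fields, so state the separator for `ROLES` and `TABLES`, or say explicitly that each holds a single value. The `STATUS_CODE` row also deserves emphasis: `1` for success and `0` for failure is the reverse of the usual exit-code convention, so consider making the two values stand out so that alerting rules on failed operations are not written backwards.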

Comment on lines +262 to +264
| `SQL_TEXT` | The executed SQL statements. If audit log redaction is enabled, the redacted SQL statements are recorded. |
| `EXECUTE_PARAMS` | The parameters for the `EXECUTE` statements. Recorded only when the event classes include `EXECUTE` and redaction is disabled. |
| `AFFECTED_ROWS` | The number of affected rows of the SQL statements. Recorded only when the event classes include `QUERY_DML`. |

Suggested change
| `SQL_TEXT` | The executed SQL statements. If audit log redaction is enabled, the redacted SQL statements are recorded. |
| `EXECUTE_PARAMS` | The parameters for the `EXECUTE` statements. Recorded only when the event classes include `EXECUTE` and redaction is disabled. |
| `AFFECTED_ROWS` | The number of affected rows of the SQL statements. Recorded only when the event classes include `QUERY_DML`. |
| `SQL_TEXT` | The executed SQL statement. If audit log redaction is enabled, the redacted statement is recorded instead. |
| `EXECUTE_PARAMS` | The parameters passed to the `EXECUTE` statement. Recorded only when the event classes include `EXECUTE` and redaction is disabled. |
| `AFFECTED_ROWS` | The number of rows affected by the SQL statement. Recorded only when the event classes include `QUERY_DML`. |
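
Review bot: The `EXECUTE_PARAMS` row says the parameters are recorded when redaction is disabled, but none of these three rows tells the reader that this places bound parameter values, which can include credentials or personal data, in the audit log unredacted. Add a sentence or link pointing to the audit log redaction setting next to `SQL_TEXT` and `EXECUTE_PARAMS`, and say what `EXECUTE_PARAMS` contains when redaction is enabled (empty or omitted), since the row currently covers only the disabled case.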

Comment on lines +272 to +280
| `CURRENT_DB` | The name of the current database. When the event classes include `DISCONNECT`, this information is not recorded. |
| `CONNECTION_TYPE` | The type of connection, including Socket, UnixSocket, and SSL/TLS. |
| `PID` | The process ID of the current connection. |
| `SERVER_VERSION` | The current version of the connected TiDB server. |
| `SSL_VERSION` | The current version of SSL in use. |
| `HOST_IP` | The current IP address of the connected TiDB server. |
| `HOST_PORT` | The current port of the connected TiDB server. |
| `CLIENT_IP` | The current IP address of the client. |
| `CLIENT_PORT` | The current port of the client. |

Suggested change
| `CURRENT_DB` | The name of the current database. When the event classes include `DISCONNECT`, this information is not recorded. |
| `CONNECTION_TYPE` | The type of connection, including Socket, UnixSocket, and SSL/TLS. |
| `PID` | The process ID of the current connection. |
| `SERVER_VERSION` | The current version of the connected TiDB server. |
| `SSL_VERSION` | The current version of SSL in use. |
| `HOST_IP` | The current IP address of the connected TiDB server. |
| `HOST_PORT` | The current port of the connected TiDB server. |
| `CLIENT_IP` | The current IP address of the client. |
| `CLIENT_PORT` | The current port of the client. |
| `CURRENT_DB` | The name of the current database. Not recorded when the event classes include `DISCONNECT`. |
| `CONNECTION_TYPE` | The type of the connection, such as Socket, UnixSocket, or SSL/TLS. |
| `PID` | The process ID of the current connection. |
| `SERVER_VERSION` | The version of the connected TiDB server. |
| `SSL_VERSION` | The version of SSL in use. |
| `HOST_IP` | The IP address of the connected TiDB server. |
| `HOST_PORT` | The port of the connected TiDB server. |
| `CLIENT_IP` | The IP address of the client. |
| `CLIENT_PORT` | The port of the client. |
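
Review bot: The `PID` row describes "the process ID of the current connection", while the `| 20 | PID | INTEGER |` row quoted further down in this review describes it as "The PID of the TiDB process"; a process ID belongs to a server process rather than to a connection, so align the new wording with the older description. In the same table, `SSL_VERSION` is described as "the version of SSL in use" even though `CONNECTION_TYPE` lists SSL/TLS; say that it is the protocol version of the encrypted connection and what is recorded for connections that are not encrypted.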

| 18 | COMMAND | VARCHAR | 14 | The command type of the MySQL protocol |
| 19 | SQL_STATEMENT | VARCHAR | 17 | The SQL statement type |
| 20 | PID | INTEGER | | The PID of the TiDB process |
> To improve traffic visibility, `CLIENT_IP` now displays the real client IP address for connections via AWS PrivateLink, instead of the Load Balancer (LB) IP. Currently, this feature is in beta and is available only in the AWS region `Frankfurt (eu-central-1)`.

Suggested change
> To improve traffic visibility, `CLIENT_IP` now displays the real client IP address for connections via AWS PrivateLink, instead of the Load Balancer (LB) IP. Currently, this feature is in beta and is available only in the AWS region `Frankfurt (eu-central-1)`.
> To improve traffic visibility, `CLIENT_IP` displays the actual client IP address for connections through AWS PrivateLink instead of the load balancer IP. This feature is in beta and is available only in the AWS region `Frankfurt (eu-central-1)`.
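
Review bot: The note says what `CLIENT_IP` holds for AWS PrivateLink connections in `Frankfurt (eu-central-1)` but leaves the other case implicit: outside that beta, the wording implies the field holds the load balancer IP. State that directly in the note, because anyone using `CLIENT_IP` for source attribution or allowlist checks needs to know when the value is not the client's own address.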

Comment on lines +292 to +293
| `AUDIT_OP_TARGET`| The objects of the setting related to TiDB Cloud database auditing. |
| `AUDIT_OP_ARGS` | The arguments of the setting related to TiDB Cloud database auditing. |

Suggested change
| `AUDIT_OP_TARGET`| The objects of the setting related to TiDB Cloud database auditing. |
| `AUDIT_OP_ARGS` | The arguments of the setting related to TiDB Cloud database auditing. |
| `AUDIT_OP_TARGET`| The target object of the TiDB Cloud database audit setting change. |
| `AUDIT_OP_ARGS` | The arguments used in the TiDB Cloud database audit setting change. |
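
Review bot: Neither `AUDIT_OP_TARGET` nor `AUDIT_OP_ARGS` says which event class causes it to be recorded, unlike `EXECUTE_PARAMS` and `AFFECTED_ROWS`, which name `EXECUTE` and `QUERY_DML`. Changes to audit settings are records a reviewer will want to filter for, so name the event class in these two rows as well. Style: the `AUDIT_OP_TARGET` row is missing the space before the second column separator in both the original and the suggested lines.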


## Audit logging limitations

{{{ .premium }}} does not guarantee the sequential order of audit logs, which means that you might have to review all log files to find the most recent events. To sort the logs chronologically, you can use the `TIME` field in the audit logs.

Suggested change
{{{ .premium }}} does not guarantee the sequential order of audit logs, which means that you might have to review all log files to find the most recent events. To sort the logs chronologically, you can use the `TIME` field in the audit logs.
{{{ .premium }}} does not guarantee that audit logs are written in chronological order. To find the most recent events, you might need to review all log files. To sort logs chronologically, use the `TIME` field in each audit record.
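
Review bot: The limitations paragraph tells readers to sort by `TIME` but does not say what format, time zone or precision that field uses, and none of the field rows shown in this review define it. Sorting records merged from several log files is only reliable when those are known, so link `TIME` to its field description and state them there. It would also help to say whether the lack of ordering applies within a single file or only across files, since the sentence about reviewing all log files suggests the latter without stating it.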

Labels

  • area/tidb-cloud: This PR relates to the area of TiDB Cloud.
  • for-cloud-release: This PR is related to TiDB Cloud release.
  • size/L: Denotes a PR that changes 100-499 lines, ignoring generated files.
  • translation/no-need: No need to translate this PR.
