Database Connector

Redis Connector

Connect DB Audit to your Redis databases for comprehensive command monitoring, ACL tracking, and compliance reporting with native slowlog and ACL log integration.

Native Deep Integration

ACL Integration

Native Redis 6.0+ ACL log collection

Slowlog Capture

Built-in slow command detection

<1% Performance Impact

Lightweight read-only collection

What You Can Monitor

Command Monitoring

Track all Redis commands including GET, SET, DEL, and complex operations with full parameter logging.

Authentication Tracking

Monitor AUTH commands, ACL changes, and connection attempts across all clients.

Key Access Patterns

Detect and analyze key access patterns to identify unusual activity or data exfiltration.

Slow Query Detection

Capture slow commands with the slowlog to identify performance issues and unusual operations.

Requirements

Redis Version 6.0 or higher (7.x recommended)

Network Access TCP port 6379 (or custom port)

Authentication Redis AUTH or ACL users

Required Permissions +@read, +@slow, +info, +client, +config get

Configuration Reference

Basic Connection

Field	Type	Required	Description
`name`	string	Yes	A unique name to identify this connection
`host`	string	Yes	Redis server hostname or IP address
`port`	number	Yes	Redis server port
`database`	number	No	Redis database number (0-15)
`username`	string	No	ACL username (Redis 6.0+)
`password`	password	Yes	Redis password or ACL user password (stored encrypted)

TLS Configuration

Field	Type	Default	Description
`ssl_enabled`	boolean	`false`	Enable TLS encryption
`ssl_ca_cert`	string	`-`	CA certificate for server verification
`ssl_cert`	string	`-`	Client certificate for mutual TLS
`ssl_key`	password	`-`	Client private key (stored encrypted)
`ssl_verify`	boolean	`true`	Verify server certificate

Log Collection

Field	Type	Default	Description
`log_collection_type`	select	`native_audit`	Method for collecting audit logs
`slowlog_enabled`	boolean	`true`	Collect slow command logs
`slowlog_threshold_us`	number	`10000`	Slowlog threshold in microseconds
`polling_interval`	number	`5`	Seconds between log collection polls

Log Collection Methods

DB Audit supports multiple methods for collecting audit data from Redis.

ACL Log & Slowlog

Recommended

Collect security events from ACL LOG and performance data from SLOWLOG for comprehensive auditing.

ACL violation tracking

Slow command capture

Low overhead

Production safe

MONITOR Command

Real-time stream of all commands using Redis MONITOR. High overhead, use for debugging only.

All commands captured

Real-time streaming

Full command text

Development/debugging

Create ACL User

Create a dedicated read-only ACL user for DB Audit (Redis 6.0+).

# Redis 6.0+ ACL: Create a dedicated audit user
# Connect with redis-cli as admin

# Create audit user with minimal read permissions
ACL SETUSER dbaudit_reader on >your_secure_password \
  ~* \
  +@read \
  +@slow \
  +info \
  +client \
  +config|get \
  +slowlog \
  +acl|log \
  +dbsize \
  -@dangerous

# Verify user was created
ACL LIST

# Save ACL to disk
ACL SAVE

# For Redis < 6.0, use requirepass in redis.conf
# requirepass your_secure_password

Configure Audit Logging

Enable slowlog and ACL logging in your Redis configuration.

# Redis Configuration for Auditing
# Add to redis.conf or use CONFIG SET

# Enable ACL logging (Redis 6.0+)
acllog-max-len 128

# Configure slowlog
slowlog-log-slower-than 10000
slowlog-max-len 128

# Enable keyspace notifications (optional)
notify-keyspace-events AKE

# For production: Consider using Redis Sentinel or Cluster
# with TLS enabled for security

# Example runtime configuration:
redis-cli CONFIG SET slowlog-log-slower-than 10000
redis-cli CONFIG SET slowlog-max-len 128
redis-cli CONFIG SET acllog-max-len 128

Configure DB Audit Collector

Add your Redis connection to the DB Audit configuration.

databases:
  - name: production-redis
    type: redis
    host: redis.example.com
    port: 6379
    database: 0
    username: dbaudit_reader  # Redis 6.0+ ACL
    password: ${REDIS_PASSWORD}

    # TLS Configuration (recommended for production)
    ssl:
      enabled: true
      ca_cert: /etc/dbaudit/certs/ca.pem
      verify: true

    # Connection settings
    connect_timeout: 5
    socket_timeout: 10

    # Monitoring options
    options:
      track_commands: true
      track_connections: true
      track_acl_violations: true
      slowlog_enabled: true
      slowlog_threshold_us: 10000

Test Connection

Verify your configuration before deploying.

# Test connection with redis-cli
redis-cli -h redis.example.com -p 6379 --user dbaudit_reader --pass your_password PING

# Test with TLS
redis-cli -h redis.example.com -p 6379 --tls \
  --cacert ca.pem \
  --user dbaudit_reader --pass your_password PING

# Check ACL permissions
redis-cli --user dbaudit_reader --pass your_password ACL WHOAMI

# Verify slowlog access
redis-cli --user dbaudit_reader --pass your_password SLOWLOG GET 5

# Check ACL log
redis-cli --user dbaudit_reader --pass your_password ACL LOG 5

# Verify DB Audit collector can connect
dbaudit-collector test-connections --config /etc/dbaudit/config.yaml

Compliance Support

DB Audit's Redis connector helps you meet audit requirements for major compliance frameworks.

SOC 2

Access logging

HIPAA

PHI access audit

PCI DSS

Cardholder data

GDPR

Data access rights

Troubleshooting

NOAUTH Authentication required

Verify that the password is correct. For ACL users, ensure you're using both --user and --pass options.

NOPERM - No permissions

Check that the ACL user has the required permissions. Use ACL GETUSER to verify the user's command permissions.

Connection refused

Check that Redis is running and accepting connections. Verify bind and protected-mode settings allow external connections.

Next Steps

Configure Alerts & Rules

View All Database Connectors

Ready to Audit Your Redis Database?

Start monitoring your Redis instances in minutes with native ACL and slowlog integration.

Start Free Trial Contact Sales