检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Parent topic: Audit Instance
The default value is on, indicating that the audit function is enabled. In addition to the overall audit configuration, each audit item can be independently configured. The function of each audit item takes effect only after the configuration is enabled.
Its default value is on, indicating that the audit function is enabled. In addition to the overall audit switch, each audit item has an independent switch. An audit item is available only after its own switch is turned on. The switch of each audit supports dynamic loading.
What Are the Functions of Database Audit? Database audit is deployed in out-of-path pattern and can perform flexible audit on databases built on ECS, BMS, and RDS without affecting services.
Bit 9 Whether to audit the CREATE, DROP, and ALTER operations on resource pools.
Operation Audit audit_system_object Parameter description: Specifies whether to audit the CREATE, DROP, and ALTER operations on database objects. Database objects include databases, users, schemas, and tables.
SQL Audit Errors UGO.10100001 The SQL text file is too large UGO.10100002 Password encryption or decryption error UGO.10100005 The parameter is incorrect UGO.10100006 The audit task queue is full UGO.10100007 The number of rule templates has reached the limit UGO.10100008 Incorrect
Querying Audit Summary Information Function This API is used to query audit summary information. Calling Method For details, see Calling APIs.
For details about how to enable the cloud audit service, see Enabling CTS.
Adding an Audit Database Agent Function This API is used to add an audit database agent. Calling Method For details, see Calling APIs.
Supported Key Audit Log Operations CloudTable uses CTS to record operations associated with CloudTable for later query, audit, and backtrack operations. The following key operation traces of CloudTable are recorded in audit logs. For details, see Table 1.
Querying Audit Logs AAD Operations Supported by CTS Viewing CTS Traces Parent Topic: Advanced Anti-DDoS User Guide
Querying Audit SQL Statements Function This API is used to query audit SQL statements. Calling Method For details, see Calling APIs.
Querying Audit Alarm Information Function This API is used to query audit alarm information. Calling Method For details, see Calling APIs.
Figure 1 RDS for PostgreSQL audit logs Table 1 Audit log field description Field Description AUDIT: Fixed prefix, which identifies an audit record. AUDIT_TYPE Audit type. The value can be SESSION, OBJECT, or CLIENT_AUTHENTICATION.
Downloading SQL Audit Logs If you enable SQL audit, all SQL operations will be logged, and you can download audit logs to view details. The minimum time unit of audit logs is second. By default, SQL audit is disabled. Enabling this function may affect database performance.
Viewing RabbitMQ Audit Logs With Cloud Trace Service (CTS), you can record operations associated with DMS for RabbitMQ for later query, audit, and backtrack operations. Prerequisite CTS has been enabled.
Deleting Audit Logs API Description This API is used to delete audit logs.
View the database audit instances information. For details about related parameters, see Table 1. Figure 1 Viewing database audit instances You can click the name of an instance to view its overview.
Viewing RocketMQ Audit Logs Cloud Trace Service (CTS) records DMS for RocketMQ operations. You can query, audit, and backtrack them later. Prerequisite CTS has been enabled.
