检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Operation Audit security_enable_options Parameter description: This parameter lets you use the grant_to_public, grant_with_grant_option, and foreign_table_options functions. These functions are off by default for security. Set this parameter as needed.
Audit Switch audit_enabled Parameter description: Specifies whether to enable or disable the audit process. After the audit process is enabled, the auditing information written by the background process can be read from the pipe and written into audit files.
Auditing Audit Switch Operation Audit Parent Topic: GUC Parameters of the GaussDB(DWS) Database
Disabling Audit Log Dump/Kernel Audit Log Dump After the audit log dump or kernel audit log dump is enabled, you can disable it if you no longer need to dump audit logs or kernel audit logs to OBS. Log in to the GaussDB(DWS) console.
In the Audit Settings area, set the audit items: The default audit log retention policy is space-first, which means audit logs will be automatically deleted when the size of audit logs on a single node exceeds 1 GB.
GaussDB(DWS) Cluster Log Management Log Types Supported by GaussDB(DWS) Clusters Dumping GaussDB(DWS) Database Audit Logs Viewing GaussDB(DWS) Database Audit Logs Viewing Operation Logs on the GaussDB(DWS) Console Viewing Other Logs of the GaussDB(DWS) Cluster Parent Topic: GaussDB
After the separation of permissions is enabled, a system administrator does not have the CREATEROLE attribute (security administrator) and AUDITADMIN attribute (audit administrator).
For details, see Viewing Audit Logs of Key Operations on the Management Console. Database Audit Logs In GaussDB(DWS), database logs include O&M logs (CN, DN, and OS logs) and DDL/DML database audit logs, which are audited by Log Tank Service (LTS).
Audit Switch audit_enabled Parameter description: Specifies whether to enable or disable the audit process. After the audit process is enabled, the auditing information written by the background process can be read from the pipe and written into audit files.
Auditing Audit Switch Operation Audit Parent Topic: GUC Parameters of the GaussDB(DWS) Database
() Description: Displays audit logs of all CNs.
Reading from right to left, this indicates that audit items for bits 0 to 3 and bits 12 to 13 are enabled for auditing. For details about the audit content represented by these 22 binary bits, see Table 1.
Audit logs Querying Logs Parent Topic: API Description
Querying Parameter Modification Audit Records Function This API is used to query parameter modification audit records. Call Method For details, see Calling APIs.
Events can be triggered by user operations (such as audit events), or may be caused by cluster service status changes (for example, cluster repaired successfully or failed to repair the cluster).
In the navigation pane on the left, choose Tools > Table Diagnosis, and click the DDL Audit tab. The audit results are displayed. The selected audit items are displayed on the DDL Audit tab by default. You can configure the audit items on the Monitoring Collection page.
For how to enable and view database audit logs, see Viewing GaussDB(DWS) Database Audit Logs.
Database audit analyzes risks and sessions, and detects SQL injection attempts so you can stay apprised of your database status. Database audit provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations.
Table 3 Audit types Audit type Description audit_open/audit_close Indicates that the audit type is operations enabling or disabling audit logs. user_login/user_logout Indicates that the audit type is operations and users with successful login/logout. system_start/system_stop/system_recover
Parent Topic: Audit logs
