检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Audit Log Upload Policy Description Scenario On the RDS console, audit logs are normally uploaded to OBS and a log file is generated every half an hour or for every 100 MB.
Database audit analyzes risks and sessions, and detects SQL injection attempts so you can stay apprised of your database status. Database audit provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations.
Audit and Logs Audit Cloud Trace Service (CTS) CTS is a log audit service intended for cloud security. It records operations on the cloud resources in your account.
Audit logging issues in certain scenarios were resolved.
SQL audit logs You can change the retention period. Audit logs that have expired will be automatically deleted. For details, see Enabling SQL Audit. You can also disable SQL audit and select check box "I acknowledge that after audit log is disabled, all audit logs are deleted.".
Keep the following points in mind before you enable audit logging or audit log reporting to LTS: Enabling audit logging or audit log reporting to LTS generates audit logs and the sensitive information in the audit logs is not anonymized.
Downloading SQL Audit Logs Scenarios If you enable SQL audit, the system records all SQL operations and uploads logs every half an hour or when the size is accumulated to 100 MB. You can download audit logs to view details. The minimum time unit of audit logs is second.
You are advised to enable SQL audit in advance so that you can view SQL execution records in audit logs to locate the fault when the CPU usage is high. Solution 1 Analyze slow SQL logs and CPU usage to locate slow queries and then optimize them.
Check for misoperations: If SQL audit has been enabled, you can view data execution records in audit logs. Restore data using backup files: Use the RDS restoration function. Import the backup data to RDS through an ECS. Parent Topic: Backup and Restoration
You can also analyze binlogs or audit logs to check whether a DDL statement and transaction with consistent snapshot are executed concurrently on the same table. Solution Do not execute a DDL statement and transaction with consistent snapshot concurrently on the same table.
Security Shared Responsibilities Identity Authentication and Access Control Data Protection Audit and Logs Risk Monitoring Fault Recovery Certificates
*,to_seconds(now())-to_seconds(t.trx_started) idle_time from INFORMATION_SCHEMA.INNODB_TRX t \G; View audit logs or slow query logs to check whether a large amount of data is inserted at a time by a large transaction. Solution Kill the long-running transaction.
Scanned Rows Recorded in Slow Query Logs Rows Recorded in the SQL Diagnosis Result Far Less Than the Scanned Rows Recorded in Slow Query Logs Millisecond-Level SQL Statements Recorded in Slow Query Logs Viewing Storage of RDS DB Instances "The table is full" Displayed in Error Logs Audit
Cloud Trace Service (CTS) Records operations on cloud service resources for query, audit, and backtrack. Database Security Service (DBSS) Prevents database attacks, ensuring database security on the cloud.
Key Operations Supported by CTS Cloud Trace Service (CTS) records operations related to RDS for further query, audit, and backtrack.
View database login and logout time in SQL audit logs. For details about how to enable SQL audit, see Enabling SQL Audit. To view sessions, run the show processlist command in the database. Parent Topic: Database Usage
Log Management Log Reporting Viewing and Downloading Error Logs Viewing and Downloading Slow Query Logs Viewing Failover/Switchover Logs Enabling SQL Audit Downloading SQL Audit Logs
Figure 6 Disk space distribution If the total number of files in your storage (including data space, binlog space, slow query log space, relay log space, audit log space, temporary space, and other space) exceeds 10,000, RDS will not collect information about the files or display
You can use the SQL audit function of RDS to query all SQL operation records. You can also use the visualized database management service Data Admin Service (DAS) to quickly search for target SQL execution records. Querying SQL Logs Through DAS Log in to the management console.
Downloading a Binlog Backup Scenarios You can download binlog backups for audit, local storage, or query. For details, see Downloading a Single Binlog Backup and Downloading a Merged Binlog.
