Database audit analyzes risks and sessions, and detects SQL injection attempts so you can stay apprised of your database status. Database audit provides a report template library to generate daily, weekly, or monthly audit reports according to your configurations.
Audit and Logs Audit Cloud Trace Service (CTS) CTS is a log audit service intended for cloud security. It records operations on the cloud resources in your account.
Figure 1 Setting SQL audit

To disable SQL audit, toggle off the Audit Logging switch, select the confirmation check box, and click OK. After SQL audit is disabled, all audit logs will be deleted immediately and cannot be recovered.
Backup space Backup space is used to store automated backups, manual backups, and SQL audit logs. You can get a free backup space of the same size as your purchased storage space. If the free backup space is used up, the additional space will be billed.
SQL audit logs: You can change the retention period. Audit logs that have expired will be automatically deleted. For details, see Enabling SQL Audit. You can also disable SQL audit and select the check box "I acknowledge that after audit log is disabled, all audit logs are deleted."
Figure 1 RDS for PostgreSQL audit logs

Table 1 Audit log field description

| Field | Description |
| --- | --- |
| AUDIT: | Fixed prefix, which identifies an audit record. |
| AUDIT_TYPE | Audit type. The value can be SESSION, OBJECT, or CLIENT_AUTHENTICATION. |
After a major version upgrade, the audit logs, error logs, and slow query logs of the original instance are still stored in the original instance. You can only view the logs generated after the upgrade on the new instance. Read replicas do not support major version upgrades.
Check for misoperations: If SQL audit has been enabled, you can view data execution records in audit logs. Restore data using backup files: Use the RDS for PostgreSQL restoration function. Import the backup data to RDS for PostgreSQL from an ECS.
Enabling Database Audit By using the PostgreSQL Audit extension (pgAudit) with your RDS for PostgreSQL instance, you can capture detailed records that auditors usually need to meet compliance regulations.
Cloud Trace Service (CTS) Records operations on cloud service resources for query, audit, and backtrack. Data Replication Service (DRS) Smoothly migrates databases to the cloud.
Key Operations Supported by CTS Cloud Trace Service (CTS) records operations related to RDS for further query, audit, and backtrack.
View database login and logout time in SQL audit logs. For details about how to enable SQL audit, see Enabling SQL Audit.
SQL Audit records all SQL operations in log files for download and query. All regions Viewing and Downloading Error Logs Viewing and Downloading Slow Query Logs Enabling SQL Audit APIs RDS supports v3 APIs.
The audit log contains the following information:

AUDIT: OBJECT,1,1,READ,SELECT,TABLE,public.t1,select * from t1;

AUDIT indicates an audit log entry. OBJECT indicates an object-level audit log. The first 1 indicates the object ID. The second 1 indicates the sub-ID of the object.
We are sorry for any inconvenience caused. pg_sql_history This extension is used by Database Security Service (DBSS) to audit SQL operations of RDS for PostgreSQL instances.
Viewing Tracing Events For details about how to view audit logs, see Querying Real-Time Traces.
log function rds:auditlog:operate N/A Obtaining an audit log list rds:auditlog:list N/A Querying the audit log policy rds:auditlog:list N/A Obtaining the link for downloading an audit log rds:auditlog:download N/A Obtaining a switchover log rds:log:list N/A Creating a database rds
Log Size Size of audit logs ≥ 0 GB 1024 RDS for PostgreSQL instance 5 minutes slave_replication_status Stream Replication Status of Standby Node Stream replication status of the standby node.