检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Audit and Logs Audit Cloud Trace Service (CTS) CTS records operations on the cloud resources in your account. You can use the logs generated by CTS to perform security analysis, track resource changes, audit compliance, and locate faults.
Constraints N/A Range true: Historical audit logs will be reserved for some time when SQL audit is disabled. false: Historical audit logs will be deleted immediately when SQL audit is disabled.
Range ≥ 0 Table 5 AuditLogDetail Parameter Type Description id String Definition Audit log ID. Range N/A name String Definition Audit log file name. Range N/A size Long Definition Audit log size, in KB. Range N/A begin_time String Definition Start time of the audit log.
Keep the following points in mind before you enable audit logging or audit log reporting to LTS: Enabling audit logging or audit log reporting to LTS generates audit logs and the sensitive information in the audit logs is not anonymized.
Downloading SQL Audit Logs If you enable SQL audit, the system records all SQL operations and uploads logs every half an hour or when the size is accumulated to 100 MB. You can download audit logs to view details. The minimum time unit of audit logs is second.
You can also analyze binlogs or audit logs to check whether a DDL statement and transaction with consistent snapshot are executed concurrently on the same table. Solution Do not execute a DDL statement and transaction with consistent snapshot concurrently on the same table.
Querying the Policy for SQL Audit Logs Function This API is used to query the policy for SQL audit logs. Before calling this API: Learn how to authorize and authenticate it. Obtain the required region and endpoint.
Obtaining Links for Downloading Audit Logs Function This API is used to obtain links for downloading audit logs. Before calling this API: Learn how to authorize and authenticate it. Obtain the required region and endpoint.
You can use the logs generated by CTS to perform security analysis, track resource changes, audit compliance, and locate faults. After you enable CTS and configure a tracker, CTS can record management and data traces of TaurusDB for auditing.
Security Shared Responsibilities Identity Authentication and Access Control Data Protection Audit and Logs Monitoring and Alarms Instance DR Certificates
If you need to enable general_log for full SQL audit and troubleshooting, you can use TOP SQL and SQL Insights. Parent Topic: Log Management
log policy gaussdb:instance:modifyTraceSQLPolicy - Querying an audit log policy gaussdb:log:list - Obtaining an audit log list gaussdb:log:list - Obtaining the link for downloading an audit log gaussdb:log:list - Changing the private IP address for read of a read replica gaussdb:
Key Operations Supported by CTS Cloud Trace Service (CTS) records operations related to TaurusDB for further query, audit, and backtracking. Table 1 lists the supported operations.
Audit logs (OBT) If you enable the SQL audit function, all SQL operations will be logged for your download and query. By default, SQL audit is disabled. Enabling this function may affect database performance. For details, see Enabling SQL Audit.
Cloud Trace Service (CTS) Records operations on cloud service resources for future query, audit, and backtrack. Data Replication Service (DRS) Smoothly migrates databases to the cloud.
Audit logs reported to LTS, error logs, and slow query logs cannot share a given log stream. You can enable or disable log reporting for a maximum of 10 instances at once.
Logs Setting SQL Audit Querying the Policy for SQL Audit Logs Obtaining Links for Downloading Audit Logs Parent topic: APIs (Recommended)
Log Management Introduction to TaurusDB Logs Configuring Log Reporting Managing Error Logs of a DB Instance Managing Slow Query Logs of a DB Instance Configuring SQL Explorer for a DB Instance Querying and Downloading Binlogs (OBT) Enabling SQL Audit Downloading SQL Audit Logs
