检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Audit Rules - Privacy Data Protection Querying a Privacy Data Masking Rule Obtaining Privacy Data Result Set Switch Enabling or Disabling Result Set Storage Obtaining the Privacy Data Anonymization Switch Enabling or Disabling the Privacy Data Masking Function Enabling or Disabling
Can Database Audit Logs Be Directly Saved to OBS? No. Database audit logs are directly saved to the log database. You can back up the logs to Object Storage Service (OBS). For details, see Backing Up Database Audit Logs.
How Do I Check the Version of Database Audit? To check the version of database audit, perform the following steps: Log in to the management console. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
Viewing Session Distribution After connecting the database to the database audit instance, view session distribution of the database. Prerequisites The database audit instance is in the Running state. For details about how to enable database audit, see Enable Database Audit.
How Do I Renew Database Audit? You can renew database audit instances before they expire.
Run the following command to uninstall the agent: sh uninstall.sh If the following information is displayed, the agent has been uninstalled successfully: 1 2 3 4 5 6 7 uninstall audit agent... exist os-release file stopping audit agent audit agent stopped stop audit_agent success
How Do I Run a Database Audit Agent? After a database is successfully added and the audit function is enabled, perform the following steps to run the agent program: Log in to the management console. Select an instance from the Instance drop-down list.
Can I Audit Databases Across Different VPCs? Yes. To audit databases in different VPCs, ensure the VPCs can communicate with each other. You can create peering connections between the VPCs. For details, see Creating a VPC Peering Connection with Another VPC in Your Account.
Parent topic: Audit Instance
Step 5: Enable Database Audit By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can enable audit and check audit results. For details, see Viewing the Audit Dashboard.
How Do I Back Up the Database Audit Logs? Database audit supports manual backup and automatic backup. Audit logs are backed up to OBS. Buckets will be automatically created and will incur a separate bill. Perform the following operations to automatically back up audit logs.
Step 2: Enable Database Audit By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can enable audit and check audit results. For details, see Viewing the Audit Dashboard.
This section describes how to enable the database audit function and check audit results. To audit a database, export the database configurations and install the agent on the nodes of the Cloud Container Engine (CCE) clusters connected to the database.
How Long Are the Operation Logs of Database Audit Saved by Default? The operation logs of database audit are permanently saved. Parent topic: Logs
How Do I Verify My Database Audit Configuration? To verify your database audit configurations after you enabled audit, perform the following steps: Enter an SQL statement (for example, show databases) in the node where the agent is installed. Log in to the management console.
How Do I Set Database Audit Rules for All Databases? By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default.
What OSs Can I Install the Database Audit Agent On? To use database audit, you need to install its agent on the required database, application, or proxy side, and then connect to the database audit instance. The database audit agent can run on 64-bit Linux or 64-bit Windows.
The database audit instance is in the Running state. For details about how to enable database audit, see Enable Database Audit. Procedure Log in to the management console. Select a region, click , and choose Security & Compliance > Database Security Service.
Parent topic: Configuring Audit Rules
The maximum length of an audit statement or result set is 10,240 bytes. Excessive parts are not recorded in audit logs.
