检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Constraints Database audit is subject to certain constraints. Supported Database Types Database audit supports databases on the cloud, on-premises, or on other clouds (the network connection between the database and the audit instance must be normal).
agent audit agent started start success install dbss audit agent done!
Prerequisites The database audit instance is in the Running state. For details about how to enable database audit, see Enable Database Audit. Set alarm notification by referring to Configuring Alarm Notifications. Procedure Log in to the management console.
This section describes how to enable the database audit function and check audit results.
Advantages Database Audit Database audit provides you with the database audit function in out-of-path pattern, enabling the system to generate real-time alarms for risky operations. In addition, database audit generates compliance reports that meet data security standards.
Functions Database Audit Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.
agent audit agent started start success install dbss audit agent done!
Table 4 Database audit editions Edition Specification Maximum Databases Performance Starter Database audit starter edition 1 Peak QPS: 1,000 queries/second Database load rate: 1.2 million statements/hour Online SQL statement storage: 100 million statements Basic Database audit basic
Scenario If you audit your database without installing the agent, you do not need to disable SSL for the database. Skip this section. If you audit your database by installing an agent, you need to disable SSL for the database. Otherwise, you cannot obtain audit data.
Database audit supports databases on the cloud, on-premises, or on other clouds (the network connection between the database and the audit instance must be normal).
Supported Database Types Database audit supports the following database types and versions.
Viewing Operation Logs This section describes how to view operation logs of a database audit instance. Prerequisites The database audit instance is in the Running state. Procedure Log in to the management console.
Checking for Data Reduction Scenario Database audit provides a preconfigured rule to check audit logs for data security risks, such as SQL statements used for data breach.
After this function is enabled, the system updates the audit information of all instances every hour based on the preset rules. My Audit Information Displays the scanning and detection statistics of all instances.
Checking for Slow SQL Statements Scenarios Database audit provides a preconfigured rule to check for slow SQL statements, whose response time recorded in audit logs is greater than 1 second.
To use database audit, you need to install its agent on database nodes or application nodes. The database audit agent can be installed on a 64-bit Linux OS. Table 1 provides more details.
DBSS can audit all the logs and traffic accessible by the agent. Parent topic: Functions
You need to migrate services to the cloud before you can audit them using DBSS. Parent topic: Functions
Viewing a Role By default, the system creates roles such as the system administrator, audit administrator, and security administrator. Procedure Log in to a database encryption and access control instance as the secadmin user.
Parent topic: Audit Instance