检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Each agent has a unique ID, which is used as the key for connecting to a database audit instance. If you delete an agent and add it back, you need to download the agent again. Prerequisites The database audit instance is in the Running state.
Otherwise, the installation fails. 1 2 3 4 5 start agent starting audit agent audit agent started start success install dbss audit agent done! If the agent installation failed, ensure the OS version of the target node is supported and try again.
Table 1 Agent installation scenarios Scenario Node Audit Scope Precautions Self-built database on ECS/BMS Database All access records of applications that have accessed the database Install the agent on the database side.
You can use the DBSS instances to audit databases built on ECS. RDS DBSS can audit RDS instances. BMS DBSS can audit databases built on BMSs. CTS Cloud Trace Service (CTS) provides you with a history of DBSS operations.
Deployment Architecture Database audit is deployed in out-of-path pattern. It supports audit of RDS databases and databases built on ECS and BMS on Huawei Cloud.
Viewing Information About SQL Injection Detection This section describes how to view SQL injection detection information of a database audit instance. Prerequisites The database audit instance is in the Running state.
Viewing the System Monitoring This section describes how to view the system monitoring of database audit and learn about system resources and traffic usage. Prerequisites The database audit instance is in the Running state.
Constraints Database audit is subject to certain constraints. Supported Database Types Database audit supports databases on the cloud, on-premises, or on other clouds (the network connection between the database and the audit instance must be normal).
agent audit agent started start success install dbss audit agent done!
Prerequisites The database audit instance is in the Running state. For details about how to enable database audit, see Enable Database Audit. Set alarm notification by referring to Configuring Alarm Notifications. Procedure Log in to the management console.
This section describes how to enable the database audit function and check audit results.
Advantages Database Audit Database audit provides you with the database audit function in out-of-path pattern, enabling the system to generate real-time alarms for risky operations. In addition, database audit generates compliance reports that meet data security standards.
Functions Database Audit Database audit delivers functions such as user behavior detection and audit, multi-dimensional lead analysis, real-time alarms, and reports.
agent audit agent started start success install dbss audit agent done!
Table 4 Database audit editions Edition Specification Maximum Databases Performance Starter Database audit starter edition 1 Peak QPS: 1,000 queries/second Database load rate: 1.2 million statements/hour Online SQL statement storage: 100 million statements Basic Database audit basic
Scenario If you audit your database without installing the agent, you do not need to disable SSL for the database. Skip this section. If you audit your database by installing an agent, you need to disable SSL for the database. Otherwise, you cannot obtain audit data.
Database audit supports databases on the cloud, on-premises, or on other clouds (the network connection between the database and the audit instance must be normal).
Viewing Operation Logs This section describes how to view operation logs of a database audit instance. Prerequisites The database audit instance is in the Running state. Procedure Log in to the management console.
Supported Database Types Database audit supports the following database types and versions.
Checking for Data Reduction Scenario Database audit provides a preconfigured rule to check audit logs for data security risks, such as SQL statements used for data breach.
