检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
The Audit Log Is Enabled Rule Details Table 1 Rule details Parameter Description Rule Name gaussdb-mysql-instance-enable-auditlog Identifier gaussdb-mysql-instance-enable-auditlog Description If the audit log is not enabled for a TaurusDB instance, this instance is noncompliant.
Parent topic: Audit Instance
Viewing Audit Logs After you enable CTS, the system starts recording operations on CFW. You can view the operation records of the last seven days on the CTS console. For details about how to view audit logs, see Querying Real-Time Traces (for New Console).
Value range: N/A name String Explanation: Indicates the audit log file name. Value range: N/A size Long Explanation: Indicates the size in KB of the audit log. Value range: N/A begin_time String Explanation: Indicates the start time of the audit log.
Querying Audit Logs For details about how to view audit logs, see Querying Real-Time Traces. Parent topic: Key Operations Recorded by CTS
To modify the audit policy, click Set Audit Policy. In the dialog box that is displayed, modify the audit policy. Figure 2 Modifying the audit policy Disable the audit policy. After the audit policy is disabled, no audit log is generated. To disable the audit policy, click .
Using CTS to Audit DLI With CTS, you can log operations related to DLI, making it easier to search, audit, and trace in the future.
Kubernetes Audit Logs Table 1 Kubernetes audit logs Log Type Component Log Stream Description Kubernetes audit logs audit audit-{{clusterID}} An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security.
What Is Database Audit? Database audit is deployed in out-of-path mode. It records user access to the database in real time, generates fine-grained audit reports, sends real-time alarms for risky operations and attack behaviors.
policy. openGauss=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. openGauss=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0
policy. openGauss=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. openGauss=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0
policy. gaussdb=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. gaussdb=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0 resource
policy. gaussdb=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. gaussdb=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0 resource
Parent topic: Audit Instance
Viewing Audit Logs Scenarios Operations performed in the last seven days are recorded by CTS. This section describes how to view the operation records on the CTS console. Procedure Log in to the management console.
Viewing Audit Logs After you enable CTS, the system starts recording operations on CGS. Operation records generated during the last seven days can be viewed on the CTS console. Viewing a CGS Trace on the CTS Console Log in to the management console.
Viewing Audit Logs After you enable CTS, it starts recording operations on ESM. CTS stores operation records for the last seven days. This section describes how to view the operation records on the CTS console. Procedure Log in to the management console.
Operation Audit audit_system_object Parameter description: Specifies whether to audit the CREATE, DROP, and ALTER operations on the GaussDB database object. The GaussDB database objects include databases, users, schemas, and tables.
What Are the Functions of Database Audit? Database audit is deployed in out-of-path pattern and can perform flexible audit on databases built on ECS, BMS, and RDS without affecting services.
Parent topic: Audit Instance