检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
检测到您已登录华为云国际站账号,为了您更好的体验,建议您访问国际站服务网站 https://www.huaweicloud.com/intl/zh-cn
不再显示此消息
Audit and Logging Audit Cloud Trace Service (CTS) records operations on the cloud resources in your account. You can use the logs generated by CTS to perform security analysis, track resource changes, audit compliance, and locate faults.
Table of Audit Logs This function enables direct SQL statement execution for viewing and analyzing audit logs, eliminating the need to manually collect and analyze FE audit log files to check service volume and types.
Managing Backup Audit Logs After backing up audit logs, you can view or delete backup audit logs. Prerequisites The database audit instance is in the Running state. For details about how to enable database audit, see Enable Database Audit.
If the system data disk space is large enough, you can prolong the storage duration of system audit logs or even keep system audit logs for ever. For more details about system data backup, see How Can I Back Up CBH System Data? Parent topic: O&M Log Audit
Viewing DCS Audit Logs With CTS, you can query, audit, and review operations performed on cloud resources. Traces include the operation requests sent using the console or open APIs as well as the results of these requests.
Meeting Database Audit Compliance Requirements To meet compliance requirements, DBSS allows you to configure the retention period for audit logs, audit reports, and privacy audit logs Configuring Audit Log Retention Duration According to relevant audit laws and regulations, audit
Querying Audit Logs For details about how to view audit logs, see Querying Real-Time Traces. Parent topic: Key Operations Recorded by CTS
Range ≥ 0 Table 5 AuditLogDetail Parameter Type Description id String Definition Audit log ID. Range N/A name String Definition Audit log file name. Range N/A size Long Definition Audit log size, in KB. Range N/A begin_time String Definition Start time of the audit log.
policy. openGauss=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. openGauss=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0
policy. openGauss=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. openGauss=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0
policy. gaussdb=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. gaussdb=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0 resource
policy. gaussdb=# CREATE AUDIT POLICY adt1 PRIVILEGES CREATE; -- Perform the SELECT operation on the database to create an audit policy. gaussdb=# CREATE AUDIT POLICY adt2 ACCESS SELECT; -- Create an audit policy to audit only the CREATE operations performed on the adt_lb0 resource
Parent topic: Audit Instance
Viewing Audit Logs After you enable CTS, the system starts recording operations on CFW. You can view the operation records of the last seven days on the CTS console. For details about how to view audit logs, see Querying Real-Time Traces (for New Console).
Parent topic: Audit Instance
To modify the audit policy, click Set Audit Policy. In the dialog box that is displayed, modify the audit policy. Figure 2 Modifying the audit policy Disable the audit policy. After the audit policy is disabled, no audit log is generated. To disable the audit policy, click .
Using CTS to Audit DLI With CTS, you can log operations related to DLI, making it easier to search, audit, and trace in the future.
Kubernetes Audit Logs Table 1 Kubernetes audit logs Log Type Component Log Stream Description Kubernetes audit logs audit audit-{{clusterID}} An audit log is a chronological record of user operations on Kubernetes APIs and control plane activities for security.
What Is Database Audit? Database audit is deployed in out-of-path mode. It records user access to the database in real time, generates fine-grained audit reports, sends real-time alarms for risky operations and attack behaviors.
On the Retrieval page, view the audit log list. Figure 1 Audit log statistics (Optional) In the audit log list, click Details in a row to view details about the log. (Optional) To download audit logs to the local PC, click Export.
