文档首页/ 云数据库 TaurusDB/ API参考/ API(推荐)/ 日志管理/ 设置审计日志策略
更新时间:2025-09-09 GMT+08:00
在线调试
CLI示例
查看PDF
分享

设置审计日志策略

功能介绍

设置审计日志策略。

调用方法

请参见如何调用API

URI

PUT /v3/{project_id}/instances/{instance_id}/audit-log-policy

表1 路径参数

参数

是否必选

参数类型

描述

project_id

String

参数解释

租户在某一Region下的project ID。

获取方法请参见获取项目ID

约束限制

不涉及。

取值范围

只能由英文字母、数字组成,且长度为32个字符。

默认取值

不涉及。

instance_id

String

参数解释

实例ID,此参数是实例的唯一标识。

约束限制

不涉及。

取值范围

只能由英文字母、数字组成,后缀为in07,长度为36个字符。

默认取值

不涉及。

请求参数

表2 请求Header参数

参数

是否必选

参数类型

描述

X-Auth-Token

String

参数解释

用户Token。

通过调用IAM服务获取用户Token接口获取。

请求响应成功后在响应消息头中包含的“X-Subject-Token”的值即为Token值。

约束限制

不涉及。

取值范围

不涉及。

默认取值

不涉及。

Content-Type

String

参数解释

内容类型。

约束限制

不涉及。

取值范围

application/json。

默认取值

不涉及。

X-Language

String

参数解释

请求语言类型。

约束限制

不涉及。

取值范围

  • en-us

  • zh-cn

默认取值

en-us。
表3 请求Body参数

参数

是否必选

参数类型

描述

keep_days

Integer

参数解释

审计日志保存天数,0表示关闭审计日志策略。

约束限制

不涉及。

取值范围

0~732。

默认取值

7。

reserve_audit_logs

Boolean

参数解释

关闭审计日志策略时,是否保留历史审计日志。

约束限制

仅关闭审计日志策略时有效。

取值范围

  • true:表示关闭审计日志策略的同时,保留历史审计日志。

  • false:表示关闭审计日志策略的同时,删除已有的历史审计日志。

默认取值

true。

audit_types

Array of strings

参数解释

审计记录的操作类型,动态范围。空表示不过滤任何操作类型。

约束限制

不涉及。

取值范围

不涉及。

默认取值

不涉及。

响应参数

状态码:200

表4 响应Body参数

参数

参数类型

描述

result

String

参数解释

设置审计日志策略的操作结果。

取值范围

  • COMPLETED:已完成。

  • FAILED:设置失败。

job_id

String

参数解释

任务流ID。

取值范围

不涉及。

状态码:400

表5 响应Body参数

参数

参数类型

描述

error_code

String

错误码。

error_msg

String

错误消息。

状态码:500

表6 响应Body参数

参数

参数类型

描述

error_code

String

错误码。

error_msg

String

错误消息。

请求示例

  • 更新审计日志策略

    PUT https://{endpoint}/v3/054e292c9880d4992f02c0196d3ea468/instances/3d39c18788b54a919bab633874c159dfin07/audit-log-policy

{
  "keep_days" : 5,
  "audit_types" : [ "SELECT" ]
}

  • 关闭审计日志策略

    PUT https://{endpoint}/v3/054e292c9880d4992f02c0196d3ea468/instances/3d39c18788b54a919bab633874c159dfin07/audit-log-policy

{
  "keep_days" : 0,
  "reserve_audit_logs" : false
}

响应示例

状态码:200

Success.

{
  "result" : "COMPLETED",
  "job_id" : "e7a7535b-eb9b-45ac-a83a-020dc5016d94"
}

SDK代码示例

SDK代码示例如下。

  • 更新审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
    		 
    package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.gaussdb.v3.region.GaussDBRegion;
import com.huaweicloud.sdk.gaussdb.v3.*;
import com.huaweicloud.sdk.gaussdb.v3.model.*;

import java.util.List;
import java.util.ArrayList;

public class SetAuditLogPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        GaussDBClient client = GaussDBClient.newBuilder()
                .withCredential(auth)
                .withRegion(GaussDBRegion.valueOf("<YOUR REGION>"))
                .build();
        SetAuditLogPolicyRequest request = new SetAuditLogPolicyRequest();
        request.withInstanceId("{instance_id}");
        SetAuditLogPolicyRequestBody body = new SetAuditLogPolicyRequestBody();
        List<String> listbodyAuditTypes = new ArrayList<>();
        listbodyAuditTypes.add("SELECT");
        body.withAuditTypes(listbodyAuditTypes);
        body.withKeepDays(5);
        request.withBody(body);
        try {
            SetAuditLogPolicyResponse response = client.setAuditLogPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

  • 关闭审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
    		 
    package com.huaweicloud.sdk.test;

import com.huaweicloud.sdk.core.auth.ICredential;
import com.huaweicloud.sdk.core.auth.BasicCredentials;
import com.huaweicloud.sdk.core.exception.ConnectionException;
import com.huaweicloud.sdk.core.exception.RequestTimeoutException;
import com.huaweicloud.sdk.core.exception.ServiceResponseException;
import com.huaweicloud.sdk.gaussdb.v3.region.GaussDBRegion;
import com.huaweicloud.sdk.gaussdb.v3.*;
import com.huaweicloud.sdk.gaussdb.v3.model.*;


public class SetAuditLogPolicySolution {

    public static void main(String[] args) {
        // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
        // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
        String ak = System.getenv("CLOUD_SDK_AK");
        String sk = System.getenv("CLOUD_SDK_SK");
        String projectId = "{project_id}";

        ICredential auth = new BasicCredentials()
                .withProjectId(projectId)
                .withAk(ak)
                .withSk(sk);

        GaussDBClient client = GaussDBClient.newBuilder()
                .withCredential(auth)
                .withRegion(GaussDBRegion.valueOf("<YOUR REGION>"))
                .build();
        SetAuditLogPolicyRequest request = new SetAuditLogPolicyRequest();
        request.withInstanceId("{instance_id}");
        SetAuditLogPolicyRequestBody body = new SetAuditLogPolicyRequestBody();
        body.withReserveAuditLogs(false);
        body.withKeepDays(0);
        request.withBody(body);
        try {
            SetAuditLogPolicyResponse response = client.setAuditLogPolicy(request);
            System.out.println(response.toString());
        } catch (ConnectionException e) {
            e.printStackTrace();
        } catch (RequestTimeoutException e) {
            e.printStackTrace();
        } catch (ServiceResponseException e) {
            e.printStackTrace();
            System.out.println(e.getHttpStatusCode());
            System.out.println(e.getRequestId());
            System.out.println(e.getErrorCode());
            System.out.println(e.getErrorMsg());
        }
    }
}

  • 更新审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
    		 
    # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkgaussdb.v3.region.gaussdb_region import GaussDBRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkgaussdb.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = GaussDBClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(GaussDBRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = SetAuditLogPolicyRequest()
        request.instance_id = "{instance_id}"
        listAuditTypesbody = [
            "SELECT"
        ]
        request.body = SetAuditLogPolicyRequestBody(
            audit_types=listAuditTypesbody,
            keep_days=5
        )
        response = client.set_audit_log_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

  • 关闭审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
    		 
    # coding: utf-8

import os
from huaweicloudsdkcore.auth.credentials import BasicCredentials
from huaweicloudsdkgaussdb.v3.region.gaussdb_region import GaussDBRegion
from huaweicloudsdkcore.exceptions import exceptions
from huaweicloudsdkgaussdb.v3 import *

if __name__ == "__main__":
    # The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    # In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak = os.environ["CLOUD_SDK_AK"]
    sk = os.environ["CLOUD_SDK_SK"]
    projectId = "{project_id}"

    credentials = BasicCredentials(ak, sk, projectId)

    client = GaussDBClient.new_builder() \
        .with_credentials(credentials) \
        .with_region(GaussDBRegion.value_of("<YOUR REGION>")) \
        .build()

    try:
        request = SetAuditLogPolicyRequest()
        request.instance_id = "{instance_id}"
        request.body = SetAuditLogPolicyRequestBody(
            reserve_audit_logs=False,
            keep_days=0
        )
        response = client.set_audit_log_policy(request)
        print(response)
    except exceptions.ClientRequestException as e:
        print(e.status_code)
        print(e.request_id)
        print(e.error_code)
        print(e.error_msg)

  • 更新审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
    		 
    package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    gaussdb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := gaussdb.NewGaussDBClient(
        gaussdb.GaussDBClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.SetAuditLogPolicyRequest{}
	request.InstanceId = "{instance_id}"
	var listAuditTypesbody = []string{
        "SELECT",
    }
	request.Body = &model.SetAuditLogPolicyRequestBody{
		AuditTypes: &listAuditTypesbody,
		KeepDays: int32(5),
	}
	response, err := client.SetAuditLogPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

  • 关闭审计日志策略

     1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
    		 
    package main

import (
	"fmt"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/core/auth/basic"
    gaussdb "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3"
	"github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3/model"
    region "github.com/huaweicloud/huaweicloud-sdk-go-v3/services/gaussdb/v3/region"
)

func main() {
    // The AK and SK used for authentication are hard-coded or stored in plaintext, which has great security risks. It is recommended that the AK and SK be stored in ciphertext in configuration files or environment variables and decrypted during use to ensure security.
    // In this example, AK and SK are stored in environment variables for authentication. Before running this example, set environment variables CLOUD_SDK_AK and CLOUD_SDK_SK in the local environment
    ak := os.Getenv("CLOUD_SDK_AK")
    sk := os.Getenv("CLOUD_SDK_SK")
    projectId := "{project_id}"

    auth := basic.NewCredentialsBuilder().
        WithAk(ak).
        WithSk(sk).
        WithProjectId(projectId).
        Build()

    client := gaussdb.NewGaussDBClient(
        gaussdb.GaussDBClientBuilder().
            WithRegion(region.ValueOf("<YOUR REGION>")).
            WithCredential(auth).
            Build())

    request := &model.SetAuditLogPolicyRequest{}
	request.InstanceId = "{instance_id}"
	reserveAuditLogsSetAuditLogPolicyRequestBody:= false
	request.Body = &model.SetAuditLogPolicyRequestBody{
		ReserveAuditLogs: &reserveAuditLogsSetAuditLogPolicyRequestBody,
		KeepDays: int32(0),
	}
	response, err := client.SetAuditLogPolicy(request)
	if err == nil {
        fmt.Printf("%+v\n", response)
    } else {
        fmt.Println(err)
    }
}

更多编程语言的SDK代码示例,请参见API Explorer的代码示例页签,可生成自动对应的SDK代码示例。

状态码

状态码

描述

200

Success.

400

Client error.

500

Server error.

错误码

请参见错误码

父主题: 日志管理

相关文档