Process Overview
This section describes how to quickly enable database audit.
Background
Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.
- Database audit cannot be used across regions. The database to be audited and the database audit instance you purchased must be in the same region.
- If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first. For details, see How Do I Disable SSL for a Database?
- For details about audit data storage, see How Long Is the Audit Data of Database Audit Stored by Default?
Create a database audit instance, connect the instance with the target database, and enable database audit.
Auditing Databases Without Agents
Databases of some types and versions can be audited without using agents, as shown in Table 1.
| Database Type | Supported Edition |
|---|---|
| GaussDB(for MySQL) | All editions are supported by default. |
| RDS for SQLServer (Supported by CTS 23.02.27.182148 and later versions) | All editions are supported by default. |
| RDS for MySQL | |
| GaussDB(DWS) | |
| PostgreSQL (Supported by CTS 23.04.17.123301 and later versions) | |

| Step | Configuration | Description |
|---|---|---|
| 1 | Purchase or apply for database audit. Add a database to the database audit instance and enable audit for the database. | |
| 2 | Enable database audit and connect the added database to the database audit instance. | |
| 3 | By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page. NOTICE: You can set database audit rules as required. For details, see Adding Audit Scope. | |
Auditing Databases Using Agents
For a database whose type and version are not listed in Table 1, you need to install an agent to enable database audit.
| Step | Configuration | Description |
|---|---|---|
| 1 | Purchase database audit. Add a database to the database audit instance and enable audit for the database. | |
| 2 | Select an agent add mode. Database audit supports auditing databases built on ECS, BMS, and RDS on Huawei Cloud. Select an agent add mode based on your database deployed on Huawei Cloud. | |
| 3 | Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the database audit instance to allow the agent to communicate with the audit instance. | |
| 4 | Download and then install the agent on the database or application based on the add mode you chose. | |
| 5 | Enable database audit and connect the added database to the database audit instance. | |
| 6 | By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page. NOTICE: You can set database audit rules as required. For details, see Adding Audit Scope. | |
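
For step 3, a check run before installing the agent can confirm that the audit instance's inbound rules admit the agent host on TCP 8000 and on the whole UDP 7000 to 7100 range. This is an added example, not Huawei Cloud code: the rule fields (`direction`, `protocol`, `port_min`, `port_max`, `source`), the sample rules and the agent addresses are constructed assumptions and do not reflect the security group API schema.

```python
import ipaddress

# Ports the agent must reach on the audit instance (from step 3 above).
REQUIRED = {"tcp": (8000, 8000), "udp": (7000, 7100)}

# Constructed sample rules; field names are hypothetical.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_min": 8000,
     "port_max": 8000, "source": "192.168.0.0/24"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7000,
     "port_max": 7050, "source": "192.168.0.0/24"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7061,
     "port_max": 7100, "source": "192.168.0.15/32"},
    {"direction": "egress", "protocol": "udp", "port_min": 7000,
     "port_max": 7100, "source": "0.0.0.0/0"},
]


def missing_ports(rules, agent_ip):
    """Return {protocol: [(lo, hi), ...]} of required ports not allowed from agent_ip."""
    agent = ipaddress.ip_address(agent_ip)
    gaps = {}
    for proto, (need_lo, need_hi) in REQUIRED.items():
        # Inbound rules for this protocol whose source range contains the agent.
        spans = sorted(
            (r["port_min"], r["port_max"]) for r in rules
            if r["direction"] == "ingress" and r["protocol"] == proto
            and agent in ipaddress.ip_network(r["source"], strict=False)
        )
        uncovered, cursor = [], need_lo   # cursor = first port not yet covered
        for lo, hi in spans:
            if hi < cursor:
                continue                  # span ends before the uncovered part
            if lo > need_hi:
                break                     # span starts past the required range
            if lo > cursor:
                uncovered.append((cursor, lo - 1))
            cursor = hi + 1
            if cursor > need_hi:
                break
        if cursor <= need_hi:
            uncovered.append((cursor, need_hi))
        if uncovered:
            gaps[proto] = uncovered
    return gaps


if __name__ == "__main__":
    for ip in ("192.168.0.15", "192.168.0.20", "10.0.0.5"):
        print(ip, missing_ports(SAMPLE_RULES, ip) or "all required ports allowed")
```

An empty result means every required port is allowed from that agent address; any listed range is a gap to close in the inbound rules before the agent is installed.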
Deploying the Database Audit Agent in a Container
For a database of any type and version, you can deploy the agent using a container to enable database audit.
For details, see Deploying the Database Audit Agent in a Container.
Helpful Links
- Choose the way to add an agent and the node to install it. For details, see How Do I Determine Where to Install an Agent?
- If the audit function is unavailable, rectify the fault by following the instructions provided in Database Audit Is Unavailable.
Verifying the Result
When you connect the added database to the database audit instance, database audit records all operations performed on the database. You can view the audit result on the database audit page.