Updated on 2022-09-22 GMT+08:00

Database Audit Is Unavailable

Symptom

After database traffic is generated, the audit record for an executed statement does not appear in the SQL statement list.

In this case, perform the following operations to troubleshoot the problem:

Checking Database Information and Audit Function Settings

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree on the left, choose Databases.
  4. Select an instance where the database is located from the Instance drop-down list.
  5. View the database information, as shown in Figure 1.

    Figure 1 Viewing the information about the database to be audited

  6. Check whether the database information is correct.

    • If the database information is correct, go to 7.
    • If the database information is incorrect, click Delete to delete the database, and then click Add Database to add the database again.
      • If the fault is rectified, no further operation is required.
      • If the problem persists, go to 7.

  7. Check whether the database audit function is enabled.

Checking Audited Database Settings

In the navigation tree on the left, choose Database Audit > Rules. The Audit Scope page is displayed. See Figure 2.

Figure 2 Audit scope

Checking Database Agent Status

  1. Log in to the node where the agent is installed as user root by using a cross-platform remote access tool (for example, PuTTY) via SSH.
  2. Run the following command to view the running status of the agent program:

    ps -ef | grep audit_agent | grep -v grep
    • If the following information is displayed, the agent is running properly. Go to 4.
      /opt/dbss_audit_agent/bin/audit_agent
    • If no information is displayed, the agent does not run properly. Go to 3.

  3. Run the following command to restart the agent:

    service audit_agent restart

    • If the fault is rectified, no further operation is required.
    • If the problem persists, go to 4.

  4. Run the following command to check the communication status between the agent and database audit instance:

    tailf /opt/dbss_audit_agent/log/audit_agent.log

    • If information similar to the following is displayed, the communication between the agent and database audit instance is normal. Go to Verifying the Result.
      Figure 3 Normal communication
    • If information similar to the following is displayed, the communication between the agent and database audit instance is abnormal. Go to Checking the Security Group Rules of the Database Audit Instance.
      Figure 4 Communication error

Checking the Security Group Rules of the Database Audit Instance

  1. Go to the Database Security Service page.
  2. In the navigation tree on the left, choose Database Audit > Databases. The Databases page is displayed.
  3. Select an instance where the database is located from the Instance drop-down list.
  4. Record the IP address of the agent node.

    Click next to the database to view the information of its agent, and record Installing Node IP Address. See Figure 5.
    Figure 5 Installing node IP address

  5. Click Add Security Group.
  6. In the displayed dialog box, record the security group name (for example, default) of the database audit instance.

    Figure 6 Adding a security group rule

  7. Click Go to VPC.
  8. In the security group list, enter the group name default in the search box in the upper right corner of the list, and click or press Enter. The group information is displayed in the list.
  9. Click the name of the security group default. Click the Inbound Rules tab.
  10. Check the inbound access rules of the security group.

    Check whether the inbound rules of the security group allow TCP (port 8000) and UDP (ports 7000 to 7100) from the IP address of the installing node recorded in 4.
    • If the inbound rules of the security group have been configured for the installing node, go to Verifying the Result.
    • If no inbound rules of the security group have been configured for the installing node, go to 11.

  11. Add an inbound rule for the installing node.

    1. On the Inbound Rules tab, click Add Rule. See Figure 7.
      Figure 7 Adding rules
    2. In the Add Inbound Rule dialog box, add rules for TCP (port 8000) and UDP (ports 7000 to 7100) with the installing node IP address shown in Figure 5 as the source. See Figure 8.
      Figure 8 Adding an inbound rule
    3. Click OK.
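
The check in step 10 can also be done offline against a copy of the inbound rules. The following Python script is an added example, not part of the service documentation: it reports which of the required ports (TCP 8000, UDP 7000 to 7100) are still not allowed from the installing node IP address, including the case where several rules together cover the UDP range. The rule field names (protocol, source, port_min, port_max) and the sample addresses are assumptions made for illustration.

```python
import ipaddress

# Ports the page requires from the agent node: TCP 8000 and UDP 7000 to 7100.
REQUIRED = {"tcp": [(8000, 8000)], "udp": [(7000, 7100)]}

# Constructed sample rules; field names are assumptions, not a cloud API schema.
SAMPLE_RULES = [
    {"protocol": "tcp", "source": "192.0.2.10/32", "port_min": 8000, "port_max": 8000},
    {"protocol": "udp", "source": "192.0.2.0/24", "port_min": 7000, "port_max": 7050},
    {"protocol": "udp", "source": "198.51.100.7/32", "port_min": 7000, "port_max": 7100},
]

def uncovered(required, allowed):
    """Return the parts of the required ranges not covered by the union of allowed ranges."""
    gaps = []
    for lo, hi in required:
        cur = lo  # lowest required port not yet known to be allowed
        for a_lo, a_hi in sorted(allowed):
            if a_hi < cur:
                continue
            if a_lo > hi:
                break
            if a_lo > cur:
                gaps.append((cur, a_lo - 1))
            cur = max(cur, a_hi + 1)
            if cur > hi:
                break
        if cur <= hi:
            gaps.append((cur, hi))
    return gaps

def missing_rules(rules, agent_ip):
    """Map each protocol to the required port ranges that agent_ip cannot reach."""
    ip = ipaddress.ip_address(agent_ip)
    missing = {}
    for proto, required in REQUIRED.items():
        # Only rules for this protocol whose source network contains the agent IP count.
        allowed = [(r["port_min"], r["port_max"]) for r in rules
                   if r["protocol"] == proto
                   and ip in ipaddress.ip_network(r["source"], strict=False)]
        gaps = uncovered(required, allowed)
        if gaps:
            missing[proto] = gaps
    return missing

if __name__ == "__main__":
    # 192.0.2.10 stands in for the installing node IP address recorded in step 4.
    print(missing_rules(SAMPLE_RULES, "192.0.2.10"))
```

An empty result means the inbound rules already cover the installing node; any listed range is what remains to be added in step 11.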

Verifying the Result

In your database, run an SQL statement on the node where the agent is installed, and then search for the statement in the SQL statement list.
  • If the SQL statement is found, the problem has been solved.
  • If the SQL statement is not found, the problem persists. Contact customer service.