Help Center/ Database Security Service/ FAQs/ Troubleshooting/ Database Audit Is Running Properly But Generates No Audit Records
Updated on 2022-09-22 GMT+08:00

Database Audit Is Running Properly But Generates No Audit Records

Symptom

The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL statement list.

Possible Causes

  • SSL is enabled for the database.
  • ForceEncryption is enabled for the SQL Server database protocol.
  • The data volume is too large. As a result, the Agent process is suspended. You are advised to restart the container or optimize audit rules to reduce the data volume.
  • If SSL is enabled for a database, the database cannot be audited.
  • If ForceEncryption is enabled for a database, database audit cannot obtain file content from the database for analysis.

Disabling Database SSL

The MySQL database client is used as an example. Perform the following steps:

  1. Log in to the MySQL database client as user root.
  2. Run the following command to check the connection mode of the MySQL database:

    \s

    • If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to 4.
      1
      SSL:                    Not in use 
      
    • If information similar to the following is displayed, SSL has been enabled for the MySQL database. Go to 3.
      1
      SSL:                    Cipher in use is XXX-XXX-XXXXXX-XXX 
      

  3. Log in to the MySQL database in SSL mode.

    1. Run the following command to exit from the MySQL database:

      exit

    2. Log in to the MySQL database as user root.

      Add the following parameters at the end of the login command:

      --ssl-mode=DISABLED

      or

      --ssl=0

      If you log in to the MySQL database in SSL mode, you can only disable SSL for this login. To use the database audit function, log in to the MySQL database in the mode described in 3.b.

    3. Run the following command to check the connection mode of the MySQL database:

      \s

      If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to 4.
      1
      SSL:                    Not in use 
      

  4. Run an SQL statement and search for it in the SQL statement list.

    For details about how to search for SQL statements, see Viewing SQL Statement Details.

Disabling ForceEncryption for the SQL Server Protocol

  1. Open the SQL Server Configuration Manager dialog box.
  2. Select SQL Server Network Configuration.
  3. Right-click Protocols for MSSQLSERVER and choose Properties.
  4. Click the Flags tab. Set ForceEncryption to No.
  5. Restart the SQL Server service for the modification to take effect.
  6. Run an SQL statement and search for it in the SQL statement list.

    For details about how to search for SQL statements, see Viewing SQL Statement Details.
    • If the SQL statement is found, the problem has been solved.
    • If the SQL statement is not found, the problem persists. Contact customer service.