Database Security Service
Database Security Service
- What's New
- Function Overview
- Service Overview
- Getting Started
-
User Guide
- Process Overview
- Purchasing Database Audit
- Step 1: Add a Database
- Step 2: Add an Agent
- Step 3: Download and Install the Agent
- Step 4: Add a Security Group Rule
- Step 5: Enable Database Audit
- Configuring Audit Rules
- Viewing Audit Results
- Notification Settings Management
- Viewing Monitoring Information
- Backing Up and Restoring Database Audit Logs
-
Other Operations
- Managing Database Audit Instances
- Viewing the Instance Overview
- Managing Databases and Agents
- Uninstalling an Agent
- Management an Audit Scope
- Viewing Information About SQL Injection Detection
- Managing Risky Operations
- Managing Privacy Data Protection Rules
- Managing Audit Reports
- Managing Backup Audit Logs
- Viewing Operation Logs
- Key Operations Recorded by CTS
- Monitoring
- Permission Control
- Best Practices
-
FAQs
- Product Consulting
-
Purchase
- Which Subnet Should I Choose When Purchasing an Instance?
- Why Do I Need to Select a VPC When Buying an Instance?
- How Many Database Audit Instances Can I Purchase in the Same Region?
- What Do I Do If a Message Indicating Insufficient Quota Is Displayed During Instance Purchase?
- How Do I Renew Database Audit?
- How Do I Unsubscribe from DBSS?
-
Functions
- Can Database Audit Be Used Across AZs?
- Does Database Audit (in Bypass Mode) Affect My Services?
- Can Database Audit Be Shared by Multiple Accounts?
- What Are the Functions of Database Audit?
- What Databases Does Database Audit Support?
- What OSs Can I Install the Database Audit Agent On?
- Does Database Audit Support Bidirectional Audit?
- Can I Audit Databases Across Different VPCs?
- Can Applications Using TLS Connections Be Audited?
- How Long Is the Database Audit Data Stored by Default?
- How Soon Can I Receive an Alarm Notification If an Exception Occurs in Database Audit?
- Is the Total Number Of Alarms Every Day the Same as that of Emails?
- Why I Cannot Preview the Database Security Audit Report Online?
- If I Use Middleware at the Service Side, Will It Affect Database Audit?
- Can DBSS Capture SQL Statements Executed by Third-Party Tools?
- Can DBSS Be Deployed Off the Cloud?
- Can I Change the VPC of a DBSS Instance?
- How Do I Interconnect with DBSS Audit Data Storage?
- What Should I Do If an Alarm of Insufficient DBSS Capacity Is Displayed?
-
Agent
- Which Functions Do the Database Audit Agent Provide?
- On What Windows Versions Can I Install the Agent?
- On What Linux OSs Can I Install the Agent?
- What Is the Process Name of the Database Audit Agent?
- (Linux OS) What Should I Do If I Lack the Permission to Run the Agent Installation Script?
- (Linux OS) Where Are the Logs of the Database Audit Agent Saved?
- When Should I Select an Existing Agent?
- What Do I Do If the Database Audit Agent Is Hibernating?
- How Do I Deploy the Agent If I Have an RDS Database That Connects to Multiple ECSs?
- How Do I Determine Where to Install an Agent?
- How Do I Run a Database Audit Agent?
- How Do I Check the Status of the Database Audit Agent?
- How Do I Download a Database Audit Agent?
- How Do I Uninstall a Database Audit Agent?
- Can I Modify the CPU and Memory Thresholds of the Agent?
- How Do I Install the Agent (in Linux OS)?
- How Do I Install the Agent (in Windows OS)?
- What Do I Do If the Communication Between the Agent and Database Audit Instance Is Abnormal?
- How Many Resources Are Consumed by an Agent When It Runs on a Node?
- What Do I Do If Agent Installation Fails?
- What Do I Do If the Error Message "unsupport this Linux version, please check your Linux version with install document!" Is Displayed During Agent Installation?
-
Operations
- How Do I Configure Database Audit?
- How Do I Disable SSL for a Database?
- How Do I Set the INSERT Audit Policy for Database Audit?
- How Do I Verify My Database Audit Configuration?
- How Do I Set Database Audit Rules for All Databases?
- How Do I Check the Version of Database Audit?
- How Do I View All Alarms in Database Audit?
- How Do I Audit an RDS Database Accessed through Intranet (by Applications Off the Cloud)?
- Troubleshooting
-
Logs
- Can the Operation Logs of Database Audit Be Migrated?
- How Long Are the Operation Logs of Database Audit Saved by Default?
- How Do I Check the Operation Logs of Database Audit?
- How Does Database Audit Process Logs?
- How Do I Back Up the Database Audit Logs?
- Can Database Audit Logs Be Directly Saved to OBS?
- Backup Gets Stuck at the Backup File Uploading Phase
- Change History
- Videos
On this page
Help Center/
Database Security Service/
FAQs/
Troubleshooting/
Database Audit Is Running Properly But Generates No Audit Records
Database Audit Is Running Properly But Generates No Audit Records
Updated on 2022-09-22 GMT+08:00
Symptom
The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL statement list.
Possible Causes
- SSL is enabled for the database.
- ForceEncryption is enabled for the SQL Server database protocol.
- The data volume is too large. As a result, the Agent process is suspended. You are advised to restart the container or optimize audit rules to reduce the data volume.
- If SSL is enabled for a database, the database cannot be audited.
- If ForceEncryption is enabled for a database, database audit cannot obtain file content from the database for analysis.
Disabling Database SSL
The MySQL database client is used as an example. Perform the following steps:
- Log in to the MySQL database client as user root.
- Run the following command to check the connection mode of the MySQL database:
\s
- Log in to the MySQL database in SSL mode.
- Run the following command to exit from the MySQL database:
- Log in to the MySQL database as user root.
Add the following parameters at the end of the login command:
--ssl-mode=DISABLED
or
--ssl=0
NOTICE:
If you log in to the MySQL database in SSL mode, you can only disable SSL for this login. To use the database audit function, log in to the MySQL database in the mode described in 3.b.
- Run the following command to check the connection mode of the MySQL database:
If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to 4.
1
SSL: Not in use
- Run an SQL statement and search for it in the SQL statement list.
For details about how to search for SQL statements, see Viewing SQL Statement Details.
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. In this case, Disable ForceEncryption for the SQL Server protocol.
Disabling ForceEncryption for the SQL Server Protocol
- Open the SQL Server Configuration Manager dialog box.
- Select SQL Server Network Configuration.
- Right-click Protocols for MSSQLSERVER and choose Properties.
- Click the Flags tab. Set ForceEncryption to No.
- Restart the SQL Server service for the modification to take effect.
- Run an SQL statement and search for it in the SQL statement list.
For details about how to search for SQL statements, see Viewing SQL Statement Details.
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. Contact customer service.
Parent topic: Troubleshooting
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.