Database Audit Is Running Properly But Generates No Audit Records
Symptom
The functions of the database audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL statement list.
Possible Causes
- SSL is enabled for the database.
- ForceEncryption is enabled for the SQL Server database protocol.
- The data volume is too large. As a result, the Agent process is suspended. You are advised to restart the container or optimize audit rules to reduce the data volume.
- If SSL is enabled for a database, the database cannot be audited.
- If ForceEncryption is enabled for a database, database audit cannot obtain file content from the database for analysis.
Disabling Database SSL
The MySQL database client is used as an example. Perform the following steps:
- Log in to the MySQL database client as user root.
- Run the following command to check the connection mode of the MySQL database:
\s
- Log in to the MySQL database in SSL mode.
- Run the following command to exit from the MySQL database:
- Log in to the MySQL database as user root.
Add the following parameters at the end of the login command:
--ssl-mode=DISABLED
or
--ssl=0
If you log in to the MySQL database in SSL mode, you can only disable SSL for this login. To use the database audit function, log in to the MySQL database in the mode described in 3.b.
- Run the following command to check the connection mode of the MySQL database:
If information similar to the following is displayed, SSL has been disabled for the MySQL database. Go to 4.
1
SSL: Not in use
- Run an SQL statement and search for it in the SQL statement list.
For details about how to search for SQL statements, see Viewing SQL Statement Details.
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. In this case, Disable ForceEncryption for the SQL Server protocol.
Disabling ForceEncryption for the SQL Server Protocol
- Open the SQL Server Configuration Manager dialog box.
- Select SQL Server Network Configuration.
- Right-click Protocols for MSSQLSERVER and choose Properties.
- Click the Flags tab. Set ForceEncryption to No.
- Restart the SQL Server service for the modification to take effect.
- Run an SQL statement and search for it in the SQL statement list.
For details about how to search for SQL statements, see Viewing SQL Statement Details.
- If the SQL statement is found, the problem has been solved.
- If the SQL statement is not found, the problem persists. Contact customer service.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.