Getting Started with Database Audit

  • Database audit is deployed in bypass mode. It records user access to the database in real time, generates fine-grained audit reports, and sends real-time alarms for risky operations and attack behaviors. In addition, database audit generates compliance reports that meet data security standards (such as Sarbanes-Oxley) to locate internal violations and improper operations, thus ensuring data asset security.

  • You can audit Relational Database Service (RDS) databases, and any databases you built on HUAWEI CLOUD Elastic Cloud Servers (ECSs) and Bare Metal Servers (BMSs). The audit will not affect your services.

  • This guide takes a self-built ECS database (running Linux OS) as an example to describe how to audit a database.

Step 1: Purchase Database Audit

1. Log in to the HUAWEI CLOUD management console.
2. Go to the Buy Database Audit page.
3. Configure the parameters of the database audit instance and purchase the instance.

Figure: Configuring database audit instance parameters

Step 2: Add a Database and Enable Audit

1. In the navigation tree on the left, choose Database Audit > Databases. Click Add Database.
2. Configure database parameters.  
3. After the agent is installed, click Enable in the Operation column of a database.

Note

The initial Audit Status of an added database is Disabled.

Figures: Adding a database; Configuring database parameters; Enabling Database Security Audit

Step 3: Add and Install an Agent

1. In the Agent column of the database, click Add.
2. Download the agent installation package.
3. Log in to the self-built database on the ECS and install the agent.

Note

  • The Installing Node Type of a self-built database on ECS or BMS can be Database or Application.
  • After adding an agent, you must allow inbound TCP traffic (port 8000) and UDP traffic (ports 7000 to 7100) in the security group to which the database audit instance belongs. Otherwise, the agent cannot connect to the audit instance.
  • The full audit rule takes effect by default. All databases connected to the database audit instance are audited. You can check the audit results of the database after the agent is installed.
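The security group requirement in the note above can be checked offline against an exported rule list before the agent is installed. This is an added example, not HUAWEI CLOUD code: the rule dictionary layout, the function names and the sample addresses are assumptions. It also reports required ports that are open to any source, which is broader than the agent needs.

```python
import ipaddress

# Inbound openings the page requires on the audit instance's security group.
REQUIRED = {"tcp": (8000, 8000), "udp": (7000, 7100)}

def uncovered(rules, protocol, lo, hi, agent_ip):
    """Return the (start, end) port gaps in lo..hi that the agent cannot reach."""
    agent = ipaddress.ip_address(agent_ip)
    spans = sorted(
        (r["port_min"], r["port_max"]) for r in rules
        if r["direction"] == "ingress" and r["protocol"] == protocol
        and agent in ipaddress.ip_network(r["source"])
    )
    gaps, cursor = [], lo
    for start, end in spans:
        if end < cursor or start > hi:
            continue  # span lies entirely outside the part still to be covered
        if start > cursor:
            gaps.append((cursor, start - 1))
        cursor = end + 1
    if cursor <= hi:
        gaps.append((cursor, hi))
    return gaps

def world_open(rules):
    """Inbound rules on a required port range that accept any source address."""
    return [
        r for r in rules
        if r["direction"] == "ingress" and r["protocol"] in REQUIRED
        and r["port_min"] <= REQUIRED[r["protocol"]][1]
        and r["port_max"] >= REQUIRED[r["protocol"]][0]
        and ipaddress.ip_network(r["source"]).prefixlen == 0
    ]

def check(rules, agent_ip):
    """Summarise missing required openings and over-broad rules for one agent."""
    missing = {}
    for proto, (lo, hi) in REQUIRED.items():
        gaps = uncovered(rules, proto, lo, hi, agent_ip)
        if gaps:
            missing[proto] = gaps
    return {"missing": missing, "world_open": world_open(rules)}

# Constructed sample rules (hypothetical schema, not HUAWEI CLOUD API output).
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_min": 8000, "port_max": 8000, "source": "192.168.0.0/24"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7000, "port_max": 7050, "source": "0.0.0.0/0"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7051, "port_max": 7100, "source": "10.0.0.0/8"},
    {"direction": "egress", "protocol": "udp", "port_min": 7000, "port_max": 7100, "source": "0.0.0.0/0"},
]
```

Calling `check(SAMPLE_RULES, "192.168.0.10")` shows that this agent address cannot reach UDP ports 7051 to 7100, because the only rule covering them admits a different subnet.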

Figures: Adding an agent; Downloading the agent installation package; Installing an agent

Step 4: Check Audit Results

1. In the navigation pane, choose Database Audit > Dashboard.
2. On the Dashboard page, check the overall database audit status.

Note

You can view database audit reports in Google Chrome or Mozilla Firefox.

Figures: Going to the Dashboard page; Checking audit results