Updated on 2024-09-05 GMT+08:00

Configuring the Database Audit Logs

Prerequisites

Database audit logs can be set on the Security Settings page of the cluster. Security configurations can be modified only for clusters in the Available or Unbalanced state. Furthermore, the target cluster should not be undergoing any node additions, specification changes, configurations, upgrades, redistributions, or restarts.

Procedure

  1. Log in to the GaussDB(DWS) console.
  2. Choose Clusters > Dedicated Clusters.
  3. In the cluster list, click the name of a cluster. Choose Security.

    By default, Configuration Status is Synchronized, which indicates that the latest database results are displayed.

  4. In the Audit Settings area, set the audit items:

    The default audit log retention policy is space-first, which means audit logs are automatically deleted when the size of audit logs on a single node exceeds 1 GB. This prevents node faults or degraded performance caused by audit logs occupying too much disk space.

    Table 1 describes the detailed information about the audit items.

    Table 1 Audit items

    | Audit Item | Description |
    |---|---|
    | Unauthorized access | Specifies whether to record unauthorized operations. This parameter is disabled by default. |
    | DQL operations | SELECT operations can be selected. NOTE: Clusters of 8.1.1.100 and later versions support the DQL operations audit item. |
    | DML operations | Specifies whether to record INSERT, UPDATE, and DELETE operations on tables. This parameter is disabled by default. NOTE: 8.1.1.100 and later versions support fine-grained splitting of audit items, and the COPY and MERGE options are added. |
    | SELECT operations | Specifies whether to record the SELECT operation. This parameter is disabled by default. |
    | Stored procedure executions | Specifies whether to record operations when executing the stored procedure or user-defined functions. This parameter is disabled by default. |
    | COPY operations | Specifies whether to record the COPY operation. This parameter is disabled by default. |
    | DDL operations | Specifies whether to record the CREATE, DROP, and ALTER operations of specified database objects. DATABASE, SCHEMA, and USER are selected by default. NOTE: 8.1.1.100 and later versions support TABLE, DATA SOURCE, and NODE GROUP operations. These operations are enabled by default. |
    | Other operations | Specifies whether to record other operations. Only the TRANSACTION and CURSOR operations are selected by default. NOTE: 8.1.1.100 and later versions support the Other operations audit item. You are advised to select TRANSACTION. Otherwise, statements in a transaction will not be audited. You are advised to select CURSOR. Otherwise, SELECT statements in a cursor will not be audited. The Data Studio client automatically encapsulates SELECT statements using CURSOR. |

    In addition to the audit items listed in Table 1, the key audit items in Table 2 are enabled by default on GaussDB(DWS).

    Table 2 Key audit items

    | Parameter | Description |
    |---|---|
    | Key audit items | Records successful and failed logins and logout. |
    | | Records database startup, stop, recovery, and switchover. |
    | | Records user locking and unlocking. |
    | | Records the grants and reclaims of user permissions. |
    | | Records the audit function of the SET operation. |

  5. Enable or disable audit log dumps.

    For more information, see Enabling Audit Log Dumps.

  6. Click Apply.

    If Configuration Status is Applying, the system is saving the settings.

    When the status changes to Synchronized, the configurations are saved and take effect.

    You can click to refresh the configuration information.
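
After the status returns to Synchronized, the settings can be read back from a SQL session and checked with a probe statement. The following is an added example, not part of the original GaussDB(DWS) page. It assumes a cluster of version 8.1.1.100 or later, a user permitted to query audit logs, TABLE selected under DDL operations, and the parameter and function names shown (audit_enabled, audit_operation_exec, audit_system_object, audit_resource_policy, audit_space_limit, pg_query_audit), which should be checked against the developer guide for your version. The table name audit_probe_tbl is hypothetical.

```sql
-- Added verification example; not from the GaussDB(DWS) documentation.
-- Assumed names: the audit_* parameters below and pg_query_audit(start, end).
-- audit_probe_tbl is a hypothetical throwaway table.

-- 1. Read back the settings that the console applied.
SHOW audit_enabled;          -- whether auditing is switched on
SHOW audit_operation_exec;   -- audited statement types; look for transaction and cursor
SHOW audit_system_object;    -- object types covered by DDL auditing
SHOW audit_resource_policy;  -- retention policy (space-first by default, per this page)
SHOW audit_space_limit;      -- per-node size limit (1 GB by default, per this page)

-- 2. Generate a recognizable DDL event inside a transaction.
--    This exercises both the DDL item and the TRANSACTION item.
START TRANSACTION;
CREATE TABLE audit_probe_tbl (id int);
DROP TABLE audit_probe_tbl;
COMMIT;

-- 3. Confirm that the probe reached the audit log.
SELECT *
FROM pg_query_audit(now() - interval '10 minutes', now())
WHERE object_name = 'audit_probe_tbl';
```

If step 3 returns no rows, re-check that TABLE is selected under DDL operations and that TRANSACTION is selected under Other operations, because statements in a transaction are not audited without it.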