Updated on 2022-12-30 GMT+08:00

Adding Audit Scope

By default, database audit complies with a full audit rule, which is used to audit all databases that are successfully connected to database audit. You can also add audit scope and specify the databases to be audited.

By default, the full audit rule takes effect even if other rules exist. To make another audit rule take effect, disable the full audit rule first.

Prerequisites

  • You have purchased a database audit instance and the Status is Running.
  • Database audit has been enabled.

Procedure

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree, choose Rules.
  4. In the Instance drop-down list, select an instance to add audit scope.
  5. Add Audit Scope above the audit scope list.

    • By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default. You can disable it but cannot delete it.
    • To make a custom rule take effect, disable the full audit rule first.

  6. In the displayed dialog box, set the audit scope, as shown in Figure 1. For details about related parameters, see Table 1.

    Figure 1 Add Audit Scope dialog box
    Table 1 Parameters

    Parameter

    Description

    Example Value

    Name

    Name of the custom audit scope

    audit00

    Database Name

    Select a database or ALL.

    db03

    Operations

    Audited operation type. It can be Login or Operation.

    When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.

    Login

    Database Account

    (Optional) Database username.

    You can specify multiple accounts, separated by commas (,).

    -

    Exception IP Address

    (Optional) IP addresses that do not need to be audited.

    NOTE:

    If an IP address is set as both a source and an exception IP address, the IP address will not be audited.

    -

    Source IP Address

    (Optional) IP address or IP address range used for accessing the database to be audited

    It must be an intranet IPv4 (for example, 192.168.1.1) or intranet IPv6 (for example, fe80:0000:0000:0000:0000:0000:0000:0000) address.

    -

    Source Port

    (Optional) Port number used for accessing the database to be audited

    -

  7. Click OK.

    When the audit scope is added successfully, it is displayed in the audit scope list in the state of Enabled.

Related Operations

In addition to adding the audit scope, you can enable or disable SQL injection detection and add risky operations to set audit rules for database audit.