Deze pagina is nog niet beschikbaar in uw eigen taal. We werken er hard aan om meer taalversies toe te voegen. Bedankt voor uw steun.
Document Database Service
Document Database Service
- What's New
- Function Overview
- Service Overview
-
Getting Started
- Overview
- Getting Started with Clusters
- Getting Started with Replica Sets
- Getting Started with Single Nodes
- Logging In to the DDS Console
- Example: Buying and Connecting to a DDS Instance
- Change History (Getting Started) Europe Site
-
User Guide
- Migrating Data
- Performance Tuning
- Permissions Management
- Instance Lifecycle Management
- Instance Modifications
- Data Backups
- Data Restorations
-
Parameter Template Management
- Overview
- Creating a Parameter Template
- Modifying a Parameter Template
- Viewing Parameter Change History
- Exporting a Parameter Template
- Comparing Parameter Templates
- Replicating a Parameter Template
- Resetting a Parameter Template
- Applying a Parameter Template
- Viewing Application Records of a Parameter Template
- Modifying the Description of a Parameter Template
- Deleting a Parameter Template
- Connection Management
- Database Usage
- Data Security
- Monitoring and Alarm Reporting
- Auditing
- Logs
- Task Center
- Billing
- Tags
- Quotas
- DDS Usage Suggestions
- Change History
- Developer Guide
-
Best Practices
- Overview
- Common Methods for Connecting to a DDS Instance
- How Do Replica Sets Achieve High Availability and Read/Write Splitting?
- Sharding
- How Do I Improve DDS Performance by Optimizing SQL Statements?
- How Do I Prevent the Mongos Cache Problem?
- How Do I Solve the High CPU Usage Issue?
- Creating a User and Granting the Read-Only Permission to the User
- Security White Paper
- Performance White Paper
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs V3.0 (Recommended)
- Querying the API Version
- Querying Database Version Information
- Querying Database Specifications
- Querying the Database Disk Type
-
DB Instance Management
- Creating a DB Instance
- Restarting a DB Instance
- Deleting a DB Instance
- Querying Instances and Details
- Scaling Up Storage Space
- Adding Nodes for a Cluster Instance
- Modifying DB Instance Specifications
- Performing a Primary/Secondary Switchover in a Replica Set Instance
- Enabling or Disabling SSL
- Modifying a DB Instance Name
- Changing an Instance Description
- Changing a Database Port
- Changing a Security Group
- Binding an EIP
- Unbinding an EIP
- Changing a Private IP Address
- Creating Shard or Config IP Addresses of a Cluster Instance
- Configuring Cross-CIDR Access for a Replica Set
- Querying AZs to Which an Instance Can Be Migrated
- Migrating a DB Instance to Another AZ
- Adding Nodes to a Replica Set Instance
- Adding a Read Replica to an Instance
- Connection Management
-
Backup and Restoration
- Creating a Manual Backup
- Deleting a Manual Backup
- Querying the Backup List
- Querying an Automated Backup Policy
- Setting an Automated Backup Policy
- Restoring Data to a New DB Instance
- Obtaining the Link for Downloading a Backup File
- Querying the Restoration Time Ranges
- Obtaining the List of Databases That Can Be Restored
- Obtaining the List of Database Collections That Can Be Restored
- Restoring Data to the Original DB Instance
- Restoring Databases and Tables to a Point in Time
- Parameter Configuration
- Log Information Queries
- Tag Management
-
Managing Databases and Users
- Creating a Database User
- Creating a Database Role
- Querying Details About Database Users
- Querying the Database Role List
- Changing the Password of a Database User
- Checking the Password for Logging In to a Database
- Querying Cluster Balancing Settings
- Enabling or Disabling Cluster Balancing
- Setting the Activity Time Window for Cluster Balancing
- Deleting a Database User
- Deleting a Database Role
- Quota Management
- Task Management
- API V3 (Unavailable Soon)
- Examples
- Permissions Policies and Supported Actions
- Appendix
- Change History (European Sites)
- SDK Reference
-
FAQs
-
Product Consulting
- What Is the Relationship Between DDS and MongoDB Community Edition?
- What Are the Differences Between DDS and GaussDB(for Mongo)?
- What Precautions Should Be Taken When Using DDS?
- What Is the Availability of DDS DB Instances?
- Will My DDS DB Instances Be Affected by Other Users' DDS DB Instances?
- Does DDS Support Multi-AZ Deployment?
- Can I Change the VPC for a Created Instance?
- Can I Change the Region for a Created Instance?
- What Is Hidden Node?
- Database Versions
-
Resource and Disk Management
- Which Items Occupy the Storage Space of DDS Instances?
- Which Types of Logs and Files Occupy DDS DB Instance Storage Space?
- Why Is the Storage Space Usage Displayed on the GUI Smaller Than the Actual Usage?
- Why Does Available Disk Space Not Increase After Data Is Deleted?
- Why Is the Resident Memory of a 4 vCPUs/8 GB Memory Replica Set Instance Only 4 GB?
- Capacity Expansion and Specification Changes
-
Database Performance
- When Will a Primary/Standby Switchover Be Triggered for a Cluster or Replica Set?
- High Storage Usage
- What Is the Time Delay for Primary/Secondary Synchronization in a Replica Set?
- How Is Data Transferred Between the Primary and Secondary Nodes of a Replica Set?
- How Do I Clear an Alarm Saying the Shard Memory Usage Exceeds 90%?
- What Can I Do If a Query Error Is Reported After Data Is Written Into the DDS Cluster?
- Database Permissions
-
Creation and Deletion
- How Do I Select Instance Specifications and Nodes?
- Why Is an Instance Not Displayed on the Console After It Is Created?
- Can I Use a Template to Create DDS DB Instances?
- Why Is Data Missing from My Database?
- Will My Backups Be Deleted If I Delete My Cloud Account?
- What Are the Differences Between Instance Deletion and Unsubscription?
-
Database Connection
- What Should I Do If I Fail to Connect to a DDS Instance?
- What Can I Do If the Number of Connections of an Instance Reaches Its Maximum?
- How Do I Query and Limit the Number of Connections?
- What Should I Do If the ECS and DDS Are Deployed in Different VPCs and They Cannot Communicate with Each Other?
- Do Applications Need to Support Automatic Reconnecting to the DDS Database?
- How Do I Create and Log In to an ECS?
- Installing a Client
- Database Usage
- Database Migration
- Database Storage
- Database Parameters
- Backup and Restoration
- Network Security
- Monitoring and Alarm
- Change History (FAQs) Europe Site
-
Product Consulting
-
Troubleshooting
- DDS Instance Node Fault Handling Mechanism
- Connection Failure Message: network error while attempting to run command 'isMaster'
- Connection Failure Messages: No route to host and connection attempt failed
- Connection Failure Message: Authentication failed
- Connection Failure Message: couldn't connect to server
- Connection Failure Message: cannot list multiple servers in URL without 'replicaSet' option
- Connection Failure Message: Timeout while receiving message
- Connection Failure Message: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR
- Change History (Troubleshooting) European Sites
- Videos
On this page
Audit Logs
Updated on 2023-03-15 GMT+08:00
An audit log records operations performed on your databases and collections. The generated log files are stored in OBS. Auditing logs can enhance your database security and help you analyze the cause of failed operations.
Precautions
- Audit log is disabled by default. You can enable it based on your service requirements. Enabling it may have a slight impact on your system performance.
- DDS checks generated audit logs. If the retention period of logs exceeds the period you set, DDS will delete the logs. It is recommended that audit logs be stored for more than 180 days for tracing and problem analysis.
- After the audit policy is modified, DDS audits logs according to the new policy and the retention period of the original audit logs is subject to the modified retention period.
- You are not advised to delete audit logs. To delete audit logs, ensure that this operation meets external and internal security compliance requirements, and download audit logs and back them up locally. Audit logs cannot be restored after being deleted. Exercise caution when performing this operation.
- You can view, download, and delete DDS instance audit logs on the DDS console. For details, see Viewing Audit Logs on the DDS Console. By enabling log reporting in Log Reporting, you can also view details about audit logs of DDS DB instances on the LTS console, including searching for logs, monitoring logs, downloading logs, and viewing real-time logs.
Example Traces
The following is an example of querying the replica set status.
{
"atype": "replSetGetStatus",
"ts": {
"$date": "2022-06-29T07:23:29.077+0000"
},
"local": {
"ip": "127.0.0.1",
"port": 8636
},
"remote": {
"ip": "127.0.0.1",
"port": 50860
},
"users": [
{
"user": "rwuser",
"db": "admin"
}
],
"roles": [
{
"role": "root",
"db": "admin"
}
],
"param": {
"command": "replSetGetStatus",
"ns": "admin",
"args": {
"replSetGetStatus": 1,
"forShell": 1,
"$clusterTime": {
"clusterTime": {
"$timestamp": {
"t": 1656487409,
"i": 117
}
},
"signature": {
"hash": {
"$binary": "PTJhGQ6cr8RyzuqbevXfG0xWj/c=",
"$type": "00"
},
"keyId": {
"$numberLong": "7102437926763495425"
}
}
},
"$db": "admin"
}
},
"result": 0
}Configuring the Audit Policy
- Log in to the management console.
- Click
in the upper left corner and select a region and a project. - Click
in the upper left corner of the page and choose Databases > Document Database Service. - On the Instances page, click the instance name.
- In the navigation pane on the left, choose Audit Logs.
- On the Audit Logs page, click Set Audit Policy.
- On the displayed page, click
. - Configure required parameters and click OK to enable the audit policy.
Figure 1 Enabling audit policy
Table 1 Parameter description Parameter
Description
All
Audit all collections in the instance.
Custom
Audit specified databases or collections in the instance.
The database or collection name cannot contain spaces or the following special characters: /\' : "[]{}() The dollar sign ($) can be used only as an escape character.
The database name can contain a maximum of 64 characters.
If you enter a combined database and collection name, the total name length is 120 characters with the database name length of no more than 64 characters and the collection name cannot be blank, contain null, or use system. in prefix.
Statement Type
You can query audit logs of specified statements in a collection, including auth, insert, update, delete, command and query statements.
Retention Days
The number of days to retain audit logs. Range: 7 to 732
- After the audit policy is enabled, you can modify it as required. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.
To modify the audit policy, click Set Audit Policy. In the dialog box that is displayed, modify the audit policy.
Figure 2 Modifying the audit policy
- Disable the audit policy.
NOTE:
After the audit policy is disabled, no audit log is generated.
To disable the audit policy, click
. For details, see Figure 3.You can determine whether to delete all automated backup files:
- If you do not select Delete automated backups, all backup files within the retention period will be retained. You can manually delete them later.
- If you select Delete automated backups, all backup files within the retention period will be deleted.
Click OK.
- After the audit policy is enabled, you can modify it as required. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.
The system is busy. Please try again later.
