Database Audit Is Unavailable

Symptom

After the database traffic is triggered, you cannot find the audit information about an executed statement in the SQL statement list.

In this case, perform the following operations to troubleshoot the problem:

• Checking Database Information and Audit Function Settings
• Checking Audited Database Settings
• Checking Database Agent Status
• Checking the Security Group Rules of the Database Audit Instance

Checking Database Information and Audit Function Settings

1. Log in to the management console.
2. Select a region, click , and choose Security > Database Security Service. The Dashboard page is displayed.
3. In the navigation tree on the left, choose Databases.
4. Select an instance where the database is located from the Instance drop-down list.
5. View the database information, as shown in Figure 1.
   Figure 1 Viewing the information about the database to be audited
   

6. Check whether the database information is correct.
   • If the database information is correct, go to 7.
   • If the database information is incorrect, click Delete to delete the database, and then click Add Database to add the database again.
     • If the fault is rectified, no further operation is required.
     • If the problem persists, go to 7.

7. Check whether the database audit function is enabled.
   • If Audit Status is Enabled, go to Checking Audited Database Settings.
   • If Audit Status is Disabled, click Enable to enable the database audit function.
     • If the fault is rectified, no further operation is required.
     • If the problem persists, go to Checking Audited Database Settings.

Checking Audited Database Settings

In the navigation tree on the left, choose Database Audit > Rules. The Audit Scope page is displayed. See Figure 2.

Figure 2 Audit scope

• If Status is Enabled, go to Checking Database Agent Status.
• If Status is Disabled, click Enable to enable the desired audit scope rule of the database.
  • If the fault is rectified, no further operation is required.
  • If the problem persists, go to Checking Database Agent Status.

Checking Database Agent Status

1. Log in to the node where the agent is installed as user root by using a cross-platform remote access tool (for example, PuTTY) via SSH.
2. Run the following command to view the running status of the agent program:
   ps -ef|grep audit_agent

   • If the following information is displayed, the agent is running properly. Go to 4.

     1	/opt/dbss_audit_agent/bin/audit_agent

   • If no information is displayed, the agent does not run properly. Go to 3.

3. Run the following command to restart the agent:

   service audit_agent restart

   • If the fault is rectified, no further operation is required.
   • If the problem persists, go to 4.

4. Run the following command to check the communication status between the agent and database audit instance:

   tailf /opt/dbss_audit_agent/log/audit_agent.log

   • If information similar to the following is displayed, the communication between the agent and database audit instance is normal. Go to Verifying the Result.
     Figure 3 Normal communication
     
   • If information similar to the following is displayed, the communication between the agent and database audit instance is abnormal. Go to Checking the Security Group Rules of the Database Audit Instance.
     Figure 4 Communication error
     

Checking the Security Group Rules of the Database Audit Instance

1. Go to the Database Security Service page.
2. In the navigation tree on the left, choose Database Audit > Databases. The Databases page is displayed.
3. Select an instance where the database is located from the Instance drop-down list.
4. Record the IP address of the agent node.
   Click next to the database to view the information of its agent, and record Installing Node IP Address. See Figure 5.

   Figure 5 Installing node IP address
   

5. Record the security group information about the database to be audited.
   1. In the navigation tree on the left, choose Database Audit > Instances.
   2. Click the required instance. The Overview page is displayed.
   3. In the Network Settings area, record the value of Security Group (for example, default) of the database audit instance, as shown in Figure 6.
      Figure 6 Security group information about the database to be audited
      

6. Go to the Security Groups page to check the rules of the recorded group.
   1. Click in the upper left corner of the management console and choose Network > Virtual Private Cloud.
   2. In the navigation tree on the left, choose Access Control > Security Groups. The security group list page is displayed.
   3. Enter the security group default recorded in 5.c in the search box in the upper right corner of the list, and click or press Enter. Its information is displayed in the list.
   4. Click the name of the security group default. Click the Inbound Rules tab.
   5. Check inbound rules of the security group default.
      Check whether TCP (port number 8000) and UDP protocols (port number from 7000 to 7100) are configured in the inbound rules of the security group for the IP address of the installing node in 4.

      • If inbound rules have been configured for the security group, go to Verifying the Result.
      • If no inbound rule is configured for the security group, go to 7.

7. Add an inbound rule for the installing node.
   1. On the Inbound Rules tab, click Add Rule. See Figure 7.
      Figure 7 Adding rules
      
   2. In the Add Inbound Rule dialog box, add TCP (port number 8000) and UDP protocols (port number from 7000 to 7100) for the installing node IP address in Figure 5. See Figure 8.
      Figure 8 Adding an inbound rule
      
   3. Click OK.

Verifying the Result