Updated on 2023-12-27 GMT+08:00

Process Overview

This section describes how to quickly enable database audit.

Background

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on the management console.

  • Ensure the VPC, security group, and subnet of the database audit instance are the same as those of the node (application side or database side) where you plan to install the database audit agent. Otherwise, the instance will be unable to connect to the agent or perform audit.
  • If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first.

Create a database audit instance, connect the instance with the target database, and enable database audit.

Auditing Databases Using Agents

Figure 1 Procedure for quickly configuring database audit
Table 1 Procedure for quickly configuring database audit

Step

Configuration

Description

1

Adding a Database

Apply for database audit. Add a database to the database audit instance and enable audit for the database.

2

Adding an Agent

Select an agent add mode.

Database audit supports auditing databases built on ECS, BMS, and RDS on the cloud. Select an agent add mode based on your database deployed on the management console.

4

Installing an Agent (Linux OS)

Download and then install the agent on the database or application, as required by the add mode you chose.

5

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

6

Viewing the Audit Results

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

Verifying the Result

When you connect the added database to the database audit instance, database audit records all operations performed on the database. You can view the audit result on the database audit page.