Updated on 2022-11-23 GMT+08:00

Scenario

For easier O&M, you can deploy the database audit agent in batches across a large number of containerized applications or databases, which makes configuration quicker and easier.

Assume the database and the cluster in Table 1 are connected, and you need to audit the database, locate internal violations and improper operations, protect data, and meet compliance requirements. This section describes how to enable the database audit function and check audit results.
  • To audit a database, export the database configurations and install the agent on the nodes of the Cloud Container Engine (CCE) clusters connected to the database. For details, see Installing the Agent on CCE Cluster Nodes.
  • If an RDS database is selected, a list of database instances is displayed for you to choose from. You do not need to install the agent.
Table 1 Database and CCE cluster to be audited

| Parameter | Value |
|---|---|
| Cluster Name | scc-cmv-bj4 |
| Namespace | default. NOTE: You can select an existing namespace or create one. A namespace is a collection of resources and objects. Multiple namespaces can be created in a single cluster, but they are isolated from each other. This enables namespaces to share the same cluster services without affecting each other. |
| Database Type | RDS |
| Database Type | MySQL |
| Database Version | 5.0 |
| IP Address | 192.168.1.31, 192.168.0.159 |
| Port | 3306 |
| OS | Linux 64-bit |

How Databases Are Audited

Database audit is deployed in out-of-path mode. The database audit agent is deployed on the application server that accesses the database, where it obtains access logs for audit.
Figure 1 Application architecture