Updated on 2022-11-23 GMT+08:00

Adding a Database and Exporting Database Configurations

Add a database to be audited, enable the audit function, and import the database configurations to Object Storage Service (OBS).

Limitations and Constraints

  • Before adding a database, you need to check the databases bound to cluster workloads and ensure:
    • A database is added to only one audit instance.
    • Databases accessed by the same workload must be added to the same audit instance.
    • If the databases accessed by multiple workloads overlap, all these databases must be added to the same audit instance.
  • If any of the following changes occurred, you need to export your latest database configurations to an OBS bucket, import the bucket to the CCE cluster, and use the bucket for cluster storage:

    You just purchased a database audit instance, or a database is added or deleted.

  • Disable SSL for a database before auditing it.

Adding a Database and Enabling Audit

After purchasing database audit, add the database to be audited to the database audit instance and enable the database audit function for the database.

For details about how to purchase database audit, see Purchasing Database Audit.

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation pane, choose Databases.
  4. Select an instance from the Instance drop-down list. Click Add Database.
  5. In the displayed dialog box, set database parameters described in Table 1.

    Database audit supports UTF-8 and GBK character encoding.
    Figure 1 Add Database dialog box

  6. Click OK. The database will be displayed in the database list and its Audit Status will be Disabled.
  7. In the Operation column of the database, click Enable.

Export database configurations.

Import the database configurations to OBS.

  1. In the navigation pane, choose Instances.
  2. Click Export Database Configurations.

    Figure 2 Exporting database configurations
    • The Export Database Configurations button is hidden. To show this button, add ?exportCfg at the end of the link of the instance list page, and press Enter.
    • Database configuration includes the configurations of the database to be audited and the database audit agent.

  3. Click OK.
  4. After you agree to the authorization, a bucket named dbss-audit-agent-{projectid} will be created in OBS.

    If any of the following changes occurred, your audit instance configurations will also change and you need to export them again:

    You just purchased a database audit instance, or a database is added or deleted.