Updated on 2023-11-27 GMT+08:00

Configuring the Database Audit Logs

Prerequisites

Database audit logs are configured on the Security Settings page. You can change security settings only when the cluster status is Available and Unbalanced, and Task Information is not Creating snapshot, Scaling out, Configuring, or Restarting.

Procedure

  1. Log in to the GaussDB(DWS) management console.
  2. Click Clusters.
  3. In the cluster list, click the name of a cluster. Choose Security.

    By default, Configuration Status is Synchronized, which indicates that the latest database results are displayed.

  4. In the Audit Settings area, configure the audit log retention policy.

    Space priority: Audit logs will be automatically deleted if the size of audit logs on a single node exceeds 1 GB.

    • Clusters 1.0.0 and 1.1.0 do not support audit log retention.
    • If the planned storage space of the database is limited, select Space priority to prevent node faults or degraded performance caused by insufficient disk space.

  5. Enable the audit function for the following operations if necessary.

    Fine-grained audit items are supported in 8.1.1.100 or later.

    Figure 1 Audit items

    Table 1 describes the detailed information about the audit items.

    Table 1 Audit items

    | Audit Item | Description |
    |---|---|
    | Unauthorized access | Specifies whether to record unauthorized operations. This parameter is disabled by default. |
    | DQL operations | SELECT operations can be selected. NOTE: This parameter is supported by 8.1.1.100 or later. |
    | DML operations | Specifies whether to record INSERT, UPDATE, and DELETE operations on tables. This parameter is disabled by default. NOTE: The cluster supports fine-grained audit items in 8.1.1.100 or later. COPY and MERGE are added. |
    | DDL operations | Specifies whether to record the CREATE, DROP, and ALTER operations of specified database objects. DATABASE, SCHEMA, and USER are selected by default. NOTE: The cluster supports TABLE, DATA SOURCE, and NODE GROUP operations in 8.1.1.100 or later. These operations are enabled by default. |
    | Other operations | Specifies whether to record other operations. Only the TRANSACTION and CURSOR operations are selected by default. NOTE: • This parameter is supported by 8.1.1.100 or later. • You are advised to select TRANSACTION. Otherwise, statements in a transaction will not be audited. • You are advised to select CURSOR. Otherwise, SELECT statements in a cursor will not be audited. The Data Studio client automatically encapsulates SELECT statements using CURSOR. |

    In addition to the audit items listed in Table 1, the key audit items in Table 2 are enabled by default on GaussDB(DWS).

    Table 2 Key audit items

    | Parameter | Description |
    |---|---|
    | Key audit items | • Records successful and failed logins and logout. • Records database startup, stop, recovery, and switchover. • Records user locking and unlocking. • Records the grants and reclaims of user permissions. • Records the audit function of the SET operation. |

  6. Enable or disable audit log dumps.

    For more information, see Enabling Audit Log Dumps.

  7. Click Apply.

    Click . The configuration status Applying indicates that the configurations are being saved.

    When the status changes to Synchronized, the configurations are saved and take effect.