Process Overview

This section describes how to quickly enable database audit.

Background

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Database audit cannot be used across regions. The database to be audited and the database audit instance you purchased must be in the same region.
If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first. For details, see How Do I Disable SSL for a Database?
For details about audit data storage, see How Long Is the Audit Data of Database Audit Stored by Default?

Create a database audit instance, connect the instance with the target database, and enable database audit.

Auditing Databases Without Agents

Databases of some types and versions can be audited without using agents, as shown in Table 1.

**Table 1** Agent-free relational databases
Database Type	Supported Edition
GaussDB(for MySQL)	All editions are supported by default.
RDS for SQLServer	All editions are supported by default.
RDS for MySQL	5.6 (5.6.51.1 or later) 5.7 (5.7.29.2 or later) 8.0 (8.0.20.3 or later)
GaussDB(DWS)	8.2.0.100 or later
PostGresql	14 (14.4 or later) 13 (13.6 or later) 12 (12.10 or later) 11 (11.15 or later) 9.6 (9.6.24 or later) 9.5 (9.5.25 or later)

DBSS without agents is easy to configure and use, but the following functions are not supported:
- Successful and failed login sessions cannot be counted.
- The port number of the client for accessing the database cannot be obtained.
GaussDB(DWS) has the permission control policy for the log audit function. Only Huawei Cloud accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.

Figure 1 Agent-free auditing process
Click to enlarge

**Table 2** Procedure for quickly configuring database audit
Step	Configuration	Description
1	Adding a Database	Purchase database audit. Add a database to the database audit instance and enable audit for the database. Apply for database audit. Add a database to the database audit instance and enable audit for the database.
2	Enabling Database Audit	Enable database audit and connect the added database to the database audit instance.
3	Viewing the Audit Results	By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page. NOTICE: You can set database audit rules as required. For details, see Adding Audit Scope.

Auditing Databases Using Agents

For a database whose type and version are not listed in Table 1, you need to install an agent to enable the database audit.

Figure 2 Procedure for quickly configuring database audit
Click to enlarge

**Table 3** Procedure for quickly configuring database audit
Step	Configuration	Description
1	Adding a Database	Purchase database audit. Add a database to the database audit instance and enable audit for the database.
2	Adding an Agent	Select an agent add mode. Database audit supports auditing databases built on ECS, BMS, and RDS on Huawei Cloud. Select an agent add mode based on your database deployed on Huawei Cloud.
3	Adding Security Group Rules	Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the database audit instance to allow the agent to communicate with the audit instance.
4	Installing an Agent (Linux OS)	Download and then install the agent on the database or application based on the add mode you chose.
5	Enabling Database Audit	Enable database audit and connect the added database to the database audit instance.
6	Viewing the Audit Results	By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page. NOTICE: You can set database audit rules as required. For details, see Adding Audit Scope.

Helpful Links

Choose the way to add an agent and the node to install it. For details, see How Do I Install a Database Audit Agent?
If the audit function is unavailable, rectify the fault by following the instructions provided in Database Audit Is Unavailable.

Verifying the Result

When you connect the added database to the database audit instance, database audit records all operations performed on the database. You can view the audit result on the database audit page.

Parent topic: Enabling and Using Database Audit (by Installing Agents)

Previous topic: Enabling and Using Database Audit (by Installing Agents)

Next topic: Purchasing Database Audit

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.

Chatbot