Process Overview

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Database audit cannot be used across regions. The database to be audited and the database audit instance you purchased must be in the same region.
If SSL is enabled for a database, the database cannot be audited. To use database audit, disable SSL first. For details, see How Do I Disable SSL for a Database?
For details about audit data storage, see How Long Is the Audit Data of Database Audit Stored by Default?

Databases of some types and versions can be audited without using agents, as shown in Table 1.

**Table 1** Agent-free relational databases
Database Type	Supported Edition
GaussDB(for MySQL)	All editions are supported by default.
RDS for SQLServer	All editions are supported by default.
RDS for MySQL	5.6 (5.6.51.1 or later) 5.7 (5.7.29.2 or later) 8.0 (8.0.20.3 or later)
GaussDB(DWS)	8.2.0.100 or later
PostGresql	14 (14.4 or later) 13 (13.6 or later) 12 (12.10 or later) 11 (11.15 or later) 9.6 (9.6.24 or later) 9.5 (9.5.25 or later)

DBSS without agents is easy to configure and use, but the following functions are not supported:
- Successful and failed login sessions cannot be counted.
- The port number of the client for accessing the database cannot be obtained.
GaussDB(DWS) has the permission control policy for the log audit function. Only Huawei Cloud accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.

Figure 1 Agent-free auditing process
Click to enlarge

**Table 2** Procedure for quickly configuring database audit
Step	Configuration	Description
1	Adding a Database	Purchase database audit. Add a database to the database audit instance and enable audit for the database. Apply for database audit. Add a database to the database audit instance and enable audit for the database.
2	Enabling Database Audit	Enable database audit and connect the added database to the database audit instance.
3	Viewing the Audit Results	By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page. NOTICE: You can set database audit rules as required. For details, see Adding Audit Scope.

Parent topic: Enabling and Using Database Audit (Without Installing Agents)

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel

For any further questions, feel free to contact us through the chatbot.