- What's New
- Function Overview
-
Product Bulletin
- Vulnerability Notice
-
Product Notices
- [Notice] Starting OBT for DDS Cluster 5.0 on Nov 5, 2024
- [Notice] Huawei Cloud DDS Replica Set 5.0 Will Be Released Commercially on Oct 11, 2024
- [Notice] Huawei Cloud DDS 3.4 Will Be Discontinued on Oct 11, 2024
- [Notice] Starting OBT for DDS 5.0 on July 24, 2024
- [Notice] Specifications with CPU-Memory Ratio of 1:8 Will Be Available for x86-Powered Enhanced II Replica Set Instances and Cluster Shards on February 15, 2023
- [Notice] DDS 4.4 OBT Invitation
- [Product Discontinuation Notice] Huawei Cloud Document Database Service (DDS) Single Node Instances Will Be Discontinued on July 15, 2023
- [Notice] Huawei Cloud DDS 4.4 Will Be Released Commercially on Oct 08, 2023
- Version Description
- Product Release Notes
-
Service Overview
- Infographics
- What Is DDS?
- Advantages
- Comparison Between DDS and On-Premises Databases
- Typical Application Scenarios
- Functions and Features
- System Architecture
- Instances
- Notes and Constraints
- Basic Concepts
- Compatibility
- Security
- Permissions
- Related Services
- Mapping Between DDS Versions and Community Versions
- Billing
- Getting Started
-
User Guide
- Buying an Instance
-
Connecting to a DB Instance
- Connecting to a Cluster Instance
- Connecting to a Replica Set Instance
- Connecting to a Single Node Instance
- Data Migration
- Performance Tuning
- Permissions Management
- Instance Lifecycle Management
-
Instance Modifications
- Changing an Instance Name
- Changing an Instance Description
- Modifying an Instance Tag
- Changing the Name of the Replica Set in the Connection Address
- Upgrading a Minor Engine Version
- Upgrading a Major Engine Version
- Scaling Up Storage Space
- Changing an Instance Class
- Changing Cluster Instance Nodes
- Changing Replica Set Instance Nodes
- Configuring the Maintenance Window
- Changing an AZ
- Updating the OS of a DB Instance
-
Data Backups
- Backup Principles and Solutions
- Configuring an Automated Backup Policy
- Configuring an Incremental Backup Policy
- Configuring the Cross-Region Backup Policy
- Setting Backup Method for a DB Instance
- Creating a Manual Backup
- Deleting a Manual Backup
- Deleting an Automated Backup
- Stopping a Backup
- Downloading a Backup File
-
Data Restorations
- Solutions
- Restoring Data to a New Instance
- Restoring Data to the Original Instance
- Restoring Data to a Point in Time
- Restoring Data to an On-Premises Database
- Restoring Data of Enhanced Edition
-
Parameter Template Management
- Overview
- Creating a Parameter Template
- Modifying DDS DB Instance Parameters
- Viewing Parameter Change History
- Exporting a Parameter Template
- Comparing Parameter Templates
- Replicating a Parameter Template
- Resetting a Parameter Template
- Applying a Parameter Template
- Viewing Application Records of a Parameter Template
- Modifying the Description of a Parameter Template
- Deleting a Parameter Template
- Connection Management
- Database Usage
- Data Security
- Monitoring and Alarm Reporting
- Auditing
- Logs
- Task Center
- DBA Assistant
- SQL Execution Control
- Cross-AZ Disaster Recovery
- Tags
- Quotas
- DDS Usage Suggestions
- Developer Guide
-
Best Practices
- Overview
- Security Best Practices
- Common Methods for Connecting to a DDS Instance
- From Other Cloud MongoDB to DDS
- From On-Premises MongoDB to DDS
- From ECS-hosted MongoDB to DDS
- How Do Replica Sets Achieve High Availability and Read/Write Splitting?
- Sharding
- How Do I Improve DDS Performance by Optimizing SQL Statements?
- How Do I Prevent the dds mongos Cache Problem?
- How Do I Solve the High CPU Usage Issue?
- How Do I Troubleshoot High Memory Usage of DDS DB Instances?
- What Can I Do If the Number of Connections of an Instance Reaches Its Maximum?
- Creating a User and Granting the Read-Only Permission to the User
- Proper Use of Data Definition Languages (DDL) Statements
- How Is a DDS Node Going to Be Disconnected and What Can I Do?
- Security White Paper
- Performance White Paper
-
API Reference
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
APIs V3.0 (Recommended)
- Querying the API Version
- Querying Database Version Information
- Querying Database Specifications
- Querying the Database Disk Type
-
DB Instance Management
- Creating a DB Instance
- Restarting a DB Instance
- Deleting a DB Instance
- Querying Instances and Details
- Scaling Up Storage Space
- Adding Nodes for a Cluster Instance
- Modifying DB Instance Specifications
- Performing a Primary/Secondary Switchover in a Replica Set Instance
- Enabling or Disabling SSL
- Modifying a DB Instance Name
- Changing an Instance Description
- Changing a Database Port
- Changing a Security Group
- Binding an EIP
- Unbinding an EIP
- Changing a Private IP Address
- Creating Shard or Config IP Addresses of a Cluster Instance
- Configuring Cross-CIDR Access for a Replica Set
- Querying AZs to Which an Instance Can Be Migrated
- Migrating a DB Instance to Another AZ
- Setting the Recycle Bin Policy
- Adding Nodes to a Replica Set Instance
- Adding a Read Replica to an Instance
- Upgrading the Database Patch
- Enabling or Disabling Monitoring by Seconds
- Querying Second-Level Monitoring Configurations
- Configuring the Maintenance Window
- Querying the Recycling Policy of a DB Instance
- Querying DB Instances in the Recycle Bin
- Checking for Weak Passwords
- Querying the Estimated Database Patch Upgrade Duration
- Querying Instance Disk Information
- Obtaining the SSL Certificate Download Address
- Querying the Name of the Replica Set in the Connection Address
- Changing the Name of the Replica Set in the Connection Address
- Deleting Instance Nodes
- Deleting a Read Replica of an Instance
- Querying Access Across CIDR Blocks for a Replica Set Instance
- Querying LTS Log Configurations
- Associating an Instance with an LTS Log Stream
- Disassociating an Instance from an LTS Log Stream
- Configuring an Autoscaling Policy for Storage Space
- Querying the Autoscaling Policy of Storage Space
- Upgrading the Minor Versions of DB Instances in Batches
- Connection Management
-
Backup and Restoration
- Creating a Manual Backup
- Deleting a Manual Backup
- Querying the Backup List
- Querying an Automated Backup Policy
- Setting an Automated Backup Policy
- Restoring Data to a New DB Instance
- Obtaining the Link for Downloading a Backup File
- Querying the Restoration Time Ranges
- Obtaining the List of Databases That Can Be Restored
- Obtaining the List of Database Collections That Can Be Restored
- Restoring Data to the Original DB Instance
- Restoring Databases and Tables to a Point in Time
- Stopping a Backup
- Deleting Manual Backups in Batches
-
Parameter Configuration
- Obtaining Parameter Templates
- Creating a Parameter Template
- Deleting a Parameter Template
- Obtaining Details About a Parameter Template
- Modifying a Parameter Template
- Applying a Parameter Template
- Obtaining Parameters of a Specified DB Instance
- Modifying Parameters of a Specified DB Instance
- Querying Available DB Instances
- Viewing Application Records of a Parameter Template
- Viewing Parameter Change History
- Comparing Parameter Templates
- Replicating a Parameter Template
- Resetting a Parameter Template
- Checking Whether a Parameter Template Name Is Unique
- Viewing Parameter Change History of an Instance
-
Log Information Queries
- Querying Database Slow Logs (New)
- Obtaining Links for Downloading Slow Query Logs
- Showing Original Slow Logs
- Querying Database Error Logs (New)
- Obtaining Links for Downloading Error Logs
- Configuring SQL Audit
- Querying SQL Audit Policy
- Obtaining the Audit Log List
- Obtaining Links for Downloading Audit Logs
- Querying the Switch of Show Original Log
- Deleting Audit Logs
- Tag Management
-
Managing Databases and Users
- Creating a Database User
- Creating a Database Role
- Querying Details About Database Users
- Querying the Database Role List
- Changing the Password of a Database User
- Checking the Password for Logging In to a Database
- Querying Cluster Balancing Settings
- Enabling or Disabling Cluster Balancing
- Setting the Activity Time Window for Cluster Balancing
- Deleting a Database User
- Deleting a Database Role
- Querying Databases
- Quota Management
- Database O&M
- Task Management
- API V3 (Unavailable Soon)
- Examples
- Permissions Policies and Supported Actions
- Appendix
- SDK Reference
-
FAQs
-
Product Consulting
- What Is the Relationship Between DDS and MongoDB Community Edition?
- Q&A About Switching Storage Engine to RocksDB for DDS 4.2 and Later Versions
- What Are the Differences Between DDS and GeminiDB Mongo?
- What Precautions Should Be Taken When Using DDS?
- What Is the Availability of DDS DB Instances?
- Will My DDS DB Instances Be Affected by Other Users' DDS DB Instances?
- Does DDS Support Multi-AZ Deployment?
- Can I Change the VPC for a Created Instance?
- Can I Change the Region for a Created Instance?
- What Is Hidden Node?
- Database Versions
- Resource Freezing, Release, Deletion, and Unsubscription
-
Resource and Disk Management
- Which Items Occupy the Storage Space of DDS Instances?
- Which Types of Logs and Files Occupy DDS DB Instance Storage Space?
- Why Is the Storage Space Usage Displayed on the GUI Smaller Than the Actual Usage?
- Why Does Available Disk Space Not Increase After Data Is Deleted?
- Why Is the Resident Memory of a 4 vCPUs/8 GB Memory Replica Set Instance Only 4 GB?
- Capacity Expansion and Specification Changes
-
Database Performance
- When Will a Primary/Standby Switchover Be Triggered for a Cluster or Replica Set?
- High Storage Usage
- What Is the Time Delay for Primary/Secondary Synchronization in a Replica Set?
- How Is Data Transferred Between the Primary and Secondary Nodes of a Replica Set?
- How Do I Clear an Alarm Saying the Shard Memory Usage Exceeds 90%?
- What Can I Do If a Query Error Is Reported After Data Is Written Into the DDS Cluster?
- Database Permissions
-
Creation and Deletion
- How Do I Select Instance Specifications and Nodes?
- Why Is an Instance Not Displayed on the Console After It Is Created?
- Can I Use a Template to Create DDS DB Instances?
- Why Is Data Missing from My Database?
- Will My Backups Be Deleted If I Delete My Cloud Account?
- What Are the Differences Between Instance Deletion and Unsubscription?
-
Database Connection
- What Should I Do If I Fail to Connect to a DDS Instance?
- What Can I Do If the Number of Connections of an Instance Reaches Its Maximum?
- How Do I Query and Limit the Number of Connections?
- What Should I Do If the ECS and DDS Are Deployed in Different VPCs and They Cannot Communicate with Each Other?
- Do Applications Need to Support Automatic Reconnecting to the DDS Database?
- How Do I Create and Log In to an ECS?
- Installing a Client
- Database Usage
- Database Migration
- Database Storage
- Database Parameters
- Backup and Restoration
- Network Security
- Monitoring and Alarm
-
Product Consulting
-
Troubleshooting
- Overview
- DDS Instance Node Fault Handling Mechanism
- Connection Failure Message: network error while attempting to run command 'isMaster'
- Connection Failure Messages: No route to host and connection attempt failed
- Connection Failure Message: Authentication failed
- Connection Failure Message: couldn't connect to server
- Connection Failure Message: cannot list multiple servers in URL without 'replicaSet' option
- Connection Failure Message: Timeout while receiving message
- Connection Failure Message: exception: login failed and U_STRINGPREP_PROHIBITED_ERROR
- Change History
- Videos
- Glossary
-
More Documents
-
User Guide (ME-Abu Dhabi Region)
- Introduction
- Logging In to the DDS Console
- Getting Started with Clusters
- Getting Started with Replica Sets
- Connection Management
- Migrating Data
- Account Management
-
Instance Management
- Changing a DB Instance Name
- Adding Cluster Instance Nodes
- Reverting Cluster Instance Nodes
- Scaling Up Storage Space
- Changing the CPU or Memory of a Cluster DB Instance
- Changing the CPU or Memory of a Replica Set DB Instance
- Manually Switching the Primary and Secondary Nodes of a Replica Set
- Exporting DB Instance Information
- Restarting a DB Instance or a Node
- Deleting a DB Instance
- Recycling a DB Instance
- Backup and Restore
- Parameter Group Settings
- Task Center
- Monitoring and Alarm Reporting
- Auditing
- Log Management
- Tag
-
FAQs
- Product Consulting
- Database Performance
- Creation and Deletion
-
Database Connection
- Can an External Server Access the DDS DB Instance?
- What Is the Number of DDS Database Connections?
- What Should I Do If an ECS Cannot Connect to a DDS DB Instance?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- What Should I Do If a DDS Server Problem Causes a Connection Failure?
- How Can My Applications Access a DDS DB Instance in a VPC?
- Do Applications Need to Support Automatic Reconnecting to the DDS Database?
- How Do I Create and Log In to an ECS?
- How Can I Install a MongoDB Client?
- How Do I Install Robo 3T?
- Database Usage
- Database Storage
- Database Parameter Modification
- Backup and Restoration
- Network Security
- Resource Monitoring
- Log Management
- Which Commands are Supported or Restricted by DDS?
- Change History
-
API Reference (ME-Abu Dhabi Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
API Description
- Querying the API Version
- Querying Database Version Information
- Querying All DB Instance Specifications
-
DB Instance Management
- Creating a DB Instance
- Restarting a DB Instance
- Deleting a DB Instance
- Querying DB Instances
- Scaling Up Storage Space
- Adding Nodes for a Cluster Instance
- Modifying DB Instance Specifications
- Performing a Primary/Secondary Switchover in a Replica Set Instance
- Enabling or Disabling SSL
- Modifying a DB Instance Name
- Changing a Database Port
- Changing a Security Group
- Binding an EIP
- Unbinding an EIP
- Changing a Private IP Address
- Backup and Restoration
- Tag Management
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
User Guide (Paris Region)
- Introduction
- Logging In to the DDS Console
- Getting Started with Clusters
- Getting Started with Replica Sets
- Connection Management
- Migrating Data
- Account Management
-
Instance Management
- Changing a DB Instance Name
- Adding Cluster Instance Nodes
- Reverting Cluster Instance Nodes
- Scaling Up Storage Space
- Changing the CPU or Memory of a Cluster DB Instance
- Changing the CPU or Memory of a Replica Set DB Instance
- Manually Switching the Primary and Secondary Nodes of a Replica Set
- Exporting DB Instance Information
- Restarting a DB Instance or a Node
- Deleting a DB Instance
- Backup and Restore
- Parameter Group Settings
- Task Center
- Monitoring and Alarm Reporting
- Auditing
- Log Management
- Tag
-
FAQs
- Product Consulting
- Database Performance
- Creation and Deletion
-
Database Connection
- Can an External Server Access the DDS DB Instance?
- What Is the Number of DDS Database Connections?
- What Should I Do If an ECS Cannot Connect to a DDS DB Instance?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- What Should I Do If a DDS Server Problem Causes a Connection Failure?
- How Can My Applications Access a DDS DB Instance in a VPC?
- Do Applications Need to Support Automatic Reconnecting to the DDS Database?
- How Do I Create and Log In to an ECS?
- How Can I Install a MongoDB Client?
- How Do I Install Robo 3T?
- Database Usage
- Database Storage
- Database Parameter Modification
- Backup and Restoration
- Network Security
- Log Management
- Which Commands are Supported or Restricted by DDS?
- Change History
-
API Reference (Paris Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
API Description
- Querying the API Version
- Querying Database Version Information
- Querying All DB Instance Specifications
-
DB Instance Management
- Creating a DB Instance
- Restarting a DB Instance
- Deleting a DB Instance
- Querying DB Instances
- Scaling Up Storage Space
- Adding Nodes for a Cluster Instance
- Modifying DB Instance Specifications
- Performing a Primary/Secondary Switchover in a Replica Set Instance
- Enabling or Disabling SSL
- Modifying a DB Instance Name
- Changing a Database Port
- Changing a Security Group
- Binding an EIP
- Unbinding an EIP
- Changing a Private IP Address
- Backup and Restoration
- Appendix
- Change History
-
User Guide (Kuala Lumpur Region)
- Introduction
- Logging In to the DDS Console
- Getting Started with Clusters
- Getting Started with Replica Sets
- Connection Management
- Migrating Data
- Account Management
-
Instance Management
- Changing a DB Instance Name
- Adding Cluster Instance Nodes
- Reverting Cluster Instance Nodes
- Scaling Up Storage Space
- Changing the CPU or Memory of a Cluster DB Instance
- Changing the CPU or Memory of a Replica Set DB Instance
- Manually Switching the Primary and Secondary Nodes of a Replica Set
- Exporting DB Instance Information
- Restarting a DB Instance or a Node
- Deleting a DB Instance
- Recycling a DB Instance
- Backup and Restore
- Parameter Group Settings
- Task Center
- Monitoring and Alarm Reporting
- Auditing
- Log Management
- Tag
-
FAQs
- Product Consulting
- Database Performance
- Creation and Deletion
-
Database Connection
- Can an External Server Access the DDS DB Instance?
- What Is the Number of DDS Database Connections?
- What Should I Do If an ECS Cannot Connect to a DDS DB Instance?
- What Should I Do If a Database Client Problem Causes a Connection Failure?
- What Should I Do If a DDS Server Problem Causes a Connection Failure?
- How Can My Applications Access a DDS DB Instance in a VPC?
- Do Applications Need to Support Automatic Reconnecting to the DDS Database?
- How Do I Create and Log In to an ECS?
- How Can I Install a MongoDB Client?
- How Do I Install Robo 3T?
- Database Usage
- Database Storage
- Database Parameter Modification
- Backup and Restoration
- Network Security
- Resource Monitoring
- Log Management
- Which Commands are Supported or Restricted by DDS?
- Change History
-
API Reference (Kuala Lumpur Region)
- Before You Start
- API Overview
- Calling APIs
- Getting Started
-
API Description
- Querying the API Version
- Querying Database Version Information
- Querying All DB Instance Specifications
-
DB Instance Management
- Creating a DB Instance
- Restarting a DB Instance
- Deleting a DB Instance
- Querying DB Instances
- Scaling Up Storage Space
- Adding Nodes for a Cluster Instance
- Modifying DB Instance Specifications
- Performing a Primary/Secondary Switchover in a Replica Set Instance
- Enabling or Disabling SSL
- Changing the Administrator Password
- Modifying a DB Instance Name
- Changing a Database Port
- Changing a Security Group
- Binding an EIP
- Unbinding an EIP
- Changing a Private IP Address
- Backup and Restoration
- Tag Management
- Permissions Policies and Supported Actions
- Appendix
- Change History
-
User Guide (ME-Abu Dhabi Region)
- General Reference
Copied.
Audit Log Policy Management
An audit log records operations performed on your databases and collections. The generated log files are stored in OBS. Auditing logs can enhance your database security and help you analyze the cause of failed operations.
Precautions
- The audit policy of a DDS DB instance is disabled by default. You can enable it based on your service requirements. After the function is enabled, the system records audit information about read and write operations, which may deteriorate the performance by 15% to 20%.
- You will be charged for enabling SQL audit log. For details, see Service Pricing.
- DDS checks generated audit logs. If the retention period of logs exceeds the period you set, DDS will delete the logs. It is recommended that audit logs be stored for more than 180 days for tracing and problem analysis.
- After the audit policy is modified, DDS audits logs according to the new policy and the retention period of the original audit logs is subject to the modified retention period.
- You are not advised to delete audit logs. To delete audit logs, ensure that this operation meets external and internal security compliance requirements, and download audit logs and back them up locally. Audit logs cannot be restored after being deleted. Exercise caution when performing this operation.
- You can view, download, and delete DDS instance audit logs on the DDS console. For details, see Viewing Audit Logs on the DDS Console. By enabling log reporting in Log Reporting, you can also view details about audit logs of DDS DB instances on the LTS console, including searching for logs, monitoring logs, downloading logs, and viewing real-time logs. For details, see Viewing Audit Logs on the LTS Console.
- By default, audit logs are generated every hour. If the size of an audit log exceeds 10 MB, a new audit log is generated.
- Your data must be encoded in UTF-8 format. For data in other format, the auditing result of the corresponding statement may be missing or contain garbled characters.
- Audit log files stored on OBS are invisible to you. They are only visible in the DDS backend management system.
Example Traces
The following is an example of querying the replica set status. For details about the fields, see Trace Structure.
{ "atype": "replSetGetStatus", "ts": { "$date": "2022-06-29T07:23:29.077+0000" }, "local": { "ip": "127.0.0.1", "port": 8636 }, "remote": { "ip": "127.0.0.1", "port": 50860 }, "users": [ { "user": "rwuser", "db": "admin" } ], "roles": [ { "role": "root", "db": "admin" } ], "param": { "command": "replSetGetStatus", "ns": "admin", "args": { "replSetGetStatus": 1, "forShell": 1, "$clusterTime": { "clusterTime": { "$timestamp": { "t": 1656487409, "i": 117 } }, "signature": { "hash": { "$binary": "PTJhGQ6cr8RyzuqbevXfG0xWj/c=", "$type": "00" }, "keyId": { "$numberLong": "7102437926763495425" } } }, "$db": "admin" } }, "result": 0 }
Configuring the Audit Policy
- Log in to the management console.
- Click
in the upper left corner and select a region and a project.
- Click
in the upper left corner of the page and choose Databases > Document Database Service.
- On the Instances page, click the instance name.
- In the navigation pane on the left, choose Audit Logs.
- On the Audit Logs page, click Set Audit Policy.
- On the displayed page, click
.
- Configure required parameters and click OK to enable the audit policy.
Figure 1 Enabling audit policy
Table 1 Parameter description Parameter
Description
All
Audit all collections in the instance.
Custom
Audit specified databases or collections in the instance.
The database or collection name cannot contain spaces or the following special characters: /\' : "[]{}() The dollar sign ($) can be used only as an escape character.
The database name can contain a maximum of 64 characters.
If you enter a combined database and collection name, the total name length is 120 characters with the database name length of no more than 64 characters and the collection name cannot be blank, contain null, or use system. in prefix.
Statement Type
You can query audit logs of specified statements in a collection, including auth, insert, update, delete, command and query statements.
Retention Days
The number of days to retain audit logs. Range: 7 to 732
- After the audit policy is enabled, you can modify it as required. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.
To modify the audit policy, click Set Audit Policy. In the dialog box that is displayed, modify the audit policy.
Figure 2 Modifying the audit policy - Disable the audit policy.
NOTE:
After the audit policy is disabled, no audit log is generated.
To disable the audit policy, click
. Figure 3 shows the dialog box for setting the backup policy.
You can determine whether to delete all audit logs:
- If you do not select Delete audit logs, all audit logs within the retention period will be retained. You can manually delete them later.
- If you select Delete audit logs, all audit logs within the retention period will be deleted.
Click OK.
- After the audit policy is enabled, you can modify it as required. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot