Audit Log Dump Is Enabled for DWS Clusters
Rule Details
|
Parameter |
Description |
|---|---|
|
Rule Name |
dws-enable-log-dump |
|
Identifier |
Audit Log Dump Is Enabled for DWS Clusters |
|
Description |
If audit log dump is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant. |
|
Tag |
dws |
|
Trigger Type |
Configuration change |
|
Filter Type |
dws.clusters |
|
Rule Parameters |
None |
Application Scenarios
GaussDB(DWS) records information (audit logs) about connections and user activities in your database. The audit logs help you monitor the database to ensure security, rectify faults, and locate historical operation records. GaussDB(DWS) audit logs are stored in the database by default. You can dump the audit logs to OBS so that users who monitor database activities can view the logs. Log dump helps:
- High reliability: OBS bucket storage provides high durability to prevent data loss.
- Redundancy backup: OBS bucket storage usually has multiple copies or cross-region backups for enhanced data security.
- Access control: OBS bucket storage supports fine-grained permission management to ensure log data security.
- Centralized management: Logs are stored in OBS buckets for unified management and analysis.
- Reduced storage costs: OBS bucket storage is usually more affordable than database storage, especially suitable for long-term log storage.
Solution
After a GaussDB(DWS) cluster is created, you can enable log dump for it to save audit logs to OBS. For details, see Dumping GaussDB(DWS) Database Audit Logs.
Rule Logic
- If audit log dump is not enabled for a GaussDB(DWS) cluster, this cluster is non-compliant.
- If audit log dump is enabled for a GaussDB(DWS) cluster, this cluster is compliant.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
