Step 2: Add an Agent

Updated on 2024-12-19 GMT+08:00

Add a new agent or choose an existing agent for the database to be audited, depending on your database type. The agent will obtain database access traffic, upload traffic statistics to the audit system, receive audit system configuration commands, and report database monitoring data.

After adding an agent, configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the agent node to allow the agent to communicate with the audit instance.

NOTE:

Currently, only the following types of databases support agent-free audit:

  • GaussDB for MySQL
  • RDS for SQLServer
  • RDS for MySQL
    • 5.6 (5.6.51.1 or later)
    • 5.7 (5.7.29.2 or later)
    • 8.0 (8.0.20.3 or later)
  • GaussDB(DWS): 8.2.0.100 or later

Prerequisites

  • You have purchased a database audit instance and the Status is Running.
  • A database has been added.

Scenarios

Determine where to add the agent based on how your database is deployed. Common database deployment modes are as follows:

  • Deploy DBSS for databases built on ECS/BMS. For details, see Figure 1 and Figure 2.
    Figure 1 One application connecting to multiple databases built on ECS/BMS
    Figure 2 Multiple applications connecting to one database built on ECS/BMS
  • Deploy DBSS for RDS databases. For details, see Figure 3 and Figure 4.
    Figure 3 One application connecting to multiple RDS databases
    Figure 4 Multiple applications connecting to one RDS database

Table 1 provides more details.

NOTICE:
  • If your applications and databases (databases built on ECS/BMS) are deployed on the same node, add the agent on the database side.
Table 1 Agent locations

Scenario: Databases built on ECS/BMS
  Where to Add the Agent: Database
  Audit Scope: All access records of applications that have accessed the database
  Description:
  • Add the agent on the database side.
  • If an application connects to multiple databases built on ECS/BMS, the agent must be added on all these databases.

Scenario: RDS database
  Where to Add the Agent: Application (if applications are deployed on the cloud)
  Audit Scope: Access records of all the databases connected to the application
  Description:
  • Add the agent on the application side.
  • If an application connects to multiple RDS databases, add an agent on each of the databases. Set Installation Node Type for one of them and select Select an existing agent for the rest of them. For details, see Selecting an existing agent.
  • If multiple applications connect to the same RDS database, the agent must be added on all these applications.

Scenario: RDS database
  Where to Add the Agent: Proxy side (if applications are deployed off the cloud)
  Audit Scope: Only the access records between the proxy and database. Those between the applications and database cannot be audited.
  Description:
  • Add the agent on the application side.
  • Installing Node IP Address must be set to the IP address of the proxy.

Adding an Agent (User-built Databases on ECS/BMS)

  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree on the left, choose Databases.
  4. In the Instance drop-down list, select the instance whose agent is to be added.
  5. In the Agent column of the desired database, click Add.
  6. In the displayed dialog box, select an add mode, as shown in Figure 5. For details about related parameters, see Table 2.

    Figure 5 Adding an agent to a database
    Table 2 Parameters for adding an agent (user-built databases on ECS/BMS)

    Parameter: Add Mode
      Description: Mode for adding an agent
        • Select an existing agent: If an agent has been installed on a database connected to the same application as the desired database, select Select an existing agent.
        • Create an agent: If no agent is available, select Create an agent to create one.
      Example Value: Create an agent

    Parameter: Installing Node Type
      Description: This parameter is mandatory when Add Mode is set to Create an agent. When auditing user-installed databases on ECS/BMS, select Database for Installing Node Type.
      Example Value: Database

    Parameter: OS
      Description: OS of the database to be audited. You can select LINUX64-X86, LINUX64-ARM, or WINDOWS64.
      NOTE: Select LINUX64_X86 or LINUX64_ARM based on the server architecture.
      Example Value: LINUX64-X86

    Parameter: CPU Threshold (%)
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. CPU threshold of the application node to be audited. The default value is 80.
      Example Value: 80

    Parameter: Memory Threshold (%)
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. Memory threshold of the application node to be audited. The default value is 80.
      Example Value: 80

  7. Click OK.
  8. Click in the lower part of the database list page to expand the database details and view the information about the added agent.

    Figure 6 Successfully adding an agent
    NOTE:

    After adding the agent, confirm that the agent information is correct. If the agent is incorrectly added, locate the target agent, click More > Delete in the Operation column of the row to delete it, and add an agent again.

Adding an Agent (RDS Databases)

NOTE:

After you add a MySQL or GaussDB(for MySQL) database, you can start configuring security group rules. You do not need to install an agent on the database.

If an application connects to multiple RDS databases, be sure to:

  • Add an agent to each of the RDS databases.
  • Select Select an existing agent if one of the databases already has an agent. Add that agent for the rest of the databases.
  1. Log in to the management console.
  2. Select a region, click , and choose Security & Compliance > Database Security Service. The Dashboard page is displayed.
  3. In the navigation tree on the left, choose Databases.
  4. In the Instance drop-down list, select the instance whose agent is to be added.
  5. In the Agent column of the desired database, click Add.
  6. In the displayed dialog box, select an add mode, as shown in Figure 7 and Figure 8. For details about related parameters, see Table 3.

    • Select Select an existing agent for Add Mode.

      For details about when you should select this option, see When Should I Select an Existing Agent?

      NOTE:

      If an agent has been installed on the application, you can select it to audit the desired database.

      Figure 7 Selecting an existing agent
    • Set Add Mode to Create an agent.

      If no agent is available, select Create an agent to create one.

      Set Installing Node Type to Application, and set Installing Node IP Address to the intranet IP address of the application.
      Figure 8 Adding an agent to an application
    Table 3 Parameters for adding an agent (RDS databases)

    Parameter: Add Mode
      Description: Mode for adding an agent
        • Select an existing agent: If an agent has been installed on a database connected to the same application as the desired database, select Select an existing agent.
        • Create an agent: If no agent is available, select Create an agent to create one.
      Example Value: Create an agent

    Parameter: Installing Node Type
      Description: This parameter is mandatory when Add Mode is set to Create an agent. To audit the RDS databases, select Application.
      Example Value: Application

    Parameter: Installing Node IP Address
      Description: This parameter is mandatory if Installing Node Type is set to Application. You can enter only one installation node IP address. The IP address of an agent must be unique. The IP address is the intranet IP address of the application. The IP address must be an internal IP address in IPv4 or IPv6 format.
      NOTICE: To audit an RDS database connected to an off-cloud application, set this parameter to the IP address of the proxy.
      Example Value: 192.168.1.1

    Parameter: Audited NIC Name
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. Name of the network interface card (NIC) of the application node to be audited.
      Example Value: -

    Parameter: CPU Threshold (%)
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. CPU threshold of the application node to be audited. The default value is 80.
      NOTICE: If the CPU usage of a server exceeds the threshold, the agent on the server will stop running.
      Example Value: 80

    Parameter: Memory Threshold (%)
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. Memory threshold of the application node to be audited. The default value is 80.
      NOTICE: If the memory usage of your server exceeds the threshold, the agent will stop running.
      Example Value: 80

    Parameter: OS
      Description: Optional. This parameter is configurable if Installing Node Type is set to Application. OS of the application node to be audited. The value can be LINUX64 or WINDOWS64.
      Example Value: LINUX64

  7. Click OK.
  8. Click in the lower part of the database list page to expand the database details and view the information about the added agent.

    NOTE:

    After adding the agent, confirm that the agent information is correct. If the agent is incorrectly added, locate the target agent, click More > Delete in the Operation column of the row to delete it, and add an agent again.

Follow-Up Procedure

Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the agent node to allow the agent to communicate with the audit instance. For details about how to add a security group rule, see Adding a Security Group Rule.
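
The following check is an added example, not part of the original page or of any Huawei Cloud tooling. It takes an exported list of the agent node's security group rules and reports which of the required ports (TCP 8000, UDP 7000 to 7100) the audit instance still cannot reach, and which inbound rules are open to any source. The rule field names, the sample rules and the audit instance address 192.168.0.10 are constructed assumptions.

```python
import ipaddress

# Inbound ports the page requires on the agent node: TCP 8000, UDP 7000-7100.
REQUIRED = {"tcp": [(8000, 8000)], "udp": [(7000, 7100)]}

# Constructed sample rules; the field names are hypothetical, not a cloud API schema.
SAMPLE_RULES = [
    {"direction": "ingress", "protocol": "tcp", "port_min": 8000,
     "port_max": 8000, "remote_cidr": "192.168.0.10/32"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7000,
     "port_max": 7050, "remote_cidr": "192.168.0.10/32"},
    {"direction": "ingress", "protocol": "udp", "port_min": 7051,
     "port_max": 7090, "remote_cidr": "0.0.0.0/0"},
]


def _covered(rules, proto, lo, hi, source_ip):
    """True if inbound rules admit source_ip on every port in lo..hi."""
    src = ipaddress.ip_address(source_ip)
    spans = sorted(
        (r["port_min"], r["port_max"]) for r in rules
        if r["direction"] == "ingress" and r["protocol"] == proto
        and src in ipaddress.ip_network(r["remote_cidr"])
    )
    need = lo  # lowest port not yet known to be allowed
    for start, end in spans:
        if start > need:
            return False  # gap: port `need` is not allowed by any rule
        need = max(need, end + 1)
        if need > hi:
            return True
    return False


def audit_agent_rules(rules, audit_instance_ip):
    """Return (missing port ranges, rules open to any source)."""
    missing = [
        f"{proto}/{lo}" if lo == hi else f"{proto}/{lo}-{hi}"
        for proto, ranges in REQUIRED.items()
        for lo, hi in ranges
        if not _covered(rules, proto, lo, hi, audit_instance_ip)
    ]
    # Added least-privilege check, not a requirement stated on the page:
    # the only peer that needs these ports is the audit instance.
    too_broad = [
        r for r in rules if r["direction"] == "ingress"
        and ipaddress.ip_network(r["remote_cidr"]).prefixlen == 0
    ]
    return missing, too_broad
```

On the sample rules the UDP range is reported as missing because ports 7091 to 7100 are not allowed by any rule, and the third rule is flagged because it admits any source address.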
