Database Audit
Context
Database security is critical to the database system. GaussDB writes all user operations on the database into audit logs. Database security administrators can use the audit logs to reproduce a series of events that cause faults in the database and identify unauthorized users, unauthorized operations, and the time when these operations are performed.
You need to know the following about the audit function:
- The overall audit parameter audit_enabled supports dynamic loading. If you change its value while the database is running, the change takes effect immediately and you do not need to restart the database. The default value is on, indicating that the audit function is enabled.
- In addition to the overall audit configuration, each audit item can be independently configured. An audit item takes effect only after its configuration is enabled.
- The configuration of each audit item supports dynamic loading. If you change an audit switch while the database is running, the change takes effect immediately without restarting the database.
Table 1 describes the audit items supported by GaussDB.
| Audit item | Description |
|---|---|
| User login and logout audit | Parameter: audit_login_logout. Its default value is 7, which indicates that the function of user login and logout audit is enabled. 0 indicates that the function of user login and logout audit is disabled. Other values are not recommended. |
| Database startup, stop, recovery, and switchover audit | Parameter: audit_database_process. Its default value is 1, which indicates that the audit of database startup, stop, recovery, and switchover is enabled. |
| User locking and unlocking audit | Parameter: audit_user_locked. Its default value is 1, which indicates that the audit of user locking and unlocking is enabled. |
| Unauthorized access audit | Parameter: audit_user_violation. Its default value is 0, which indicates that the audit of unauthorized access is disabled. |
| Permission granting and revoking audit | Parameter: audit_grant_revoke. Its default value is 1, which indicates that the audit of permission granting and revoking is enabled. |
| Audit of CREATE, ALTER, and DROP operations on database objects | Parameter: audit_system_object. Its default value is 67121159, which indicates that only the CREATE, ALTER, and DROP operations on databases, schemas, users, data sources, and SQL patches are audited. |
| Audit of INSERT, UPDATE, and DELETE operations on a specific table | Parameter: audit_dml_state. Its default value is 0, which indicates that the audit of DML operations (except SELECT) on a specific table is disabled. |
| SELECT operation audit | Parameter: audit_dml_state_select. Its default value is 0, which indicates that the audit of the SELECT operation is disabled. |
| COPY operation audit | Parameter: audit_copy_exec. Its default value is 1, which indicates that the audit of COPY operations is enabled. |
| Stored procedure and user-defined function execution audit | Parameter: audit_function_exec. Its default value is 0, which indicates that no execution audit logs of stored procedures and user-defined functions are recorded. |
| SET operation audit | Parameter: audit_set_parameter. Its default value is 0, which indicates that the audit of the SET operation is disabled. |
| Transaction ID record | Parameter: audit_xid_info. Its default value is 0, which indicates that the function of recording transaction IDs in audit logs is disabled. |
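An added example, not part of the GaussDB documentation: a Python check that compares an exported list of audit settings against the defaults in Table 1 and reports which audit items are disabled, changed from their default, or set to a value the table advises against. The `name = value` input format, the sample values, and the treatment of 0 as "disabled" for items where the table only documents 1 are assumptions.

```python
# Defaults as documented on this page (Table 1, plus audit_enabled).
DEFAULTS = {
    "audit_enabled": "on", "audit_login_logout": "7",
    "audit_database_process": "1", "audit_user_locked": "1",
    "audit_user_violation": "0", "audit_grant_revoke": "1",
    "audit_system_object": "67121159", "audit_dml_state": "0",
    "audit_dml_state_select": "0", "audit_copy_exec": "1",
    "audit_function_exec": "0", "audit_set_parameter": "0",
    "audit_xid_info": "0",
}
OFF = {"0", "off"}  # assumption: 0 (or off) means disabled for every item

# Constructed sample in an assumed "name = value" export format.
SAMPLE = """\
audit_enabled = on
audit_login_logout = 3      # neither 7 nor 0
audit_grant_revoke = 0
audit_dml_state = 1
"""

def parse_settings(text):
    """Parse 'name = value' lines; '#' starts a comment, later lines win."""
    found = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, value = (p.strip().strip("'\"").lower() for p in line.split("=", 1))
        if name in DEFAULTS:
            found[name] = value
    return found

def review(text):
    """Return {parameter: finding} for audit settings that need attention."""
    found = parse_settings(text)
    effective = {**DEFAULTS, **found}   # unset parameters keep their default
    findings = {}
    for name, value in effective.items():
        if name == "audit_login_logout" and value not in ("0", "7"):
            findings[name] = f"value {value} is not recommended (use 7 or 0)"
        elif value in OFF:
            how = "explicitly" if name in found else "by default"
            findings[name] = f"disabled ({how})"
        elif value != DEFAULTS[name]:
            findings[name] = f"changed from default {DEFAULTS[name]} to {value}"
    return findings

if __name__ == "__main__":
    print("\n".join(f"{k}: {v}" for k, v in review(SAMPLE).items()))
```

Items reported as "disabled (by default)" are the ones Table 1 lists with a default of 0, so they produce no audit records until someone turns them on.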