Help Center/ Database Security Service/ User Guide/ Enabling and Using Database Audit (by Installing Agents)/ Process Overview
Updated on 2025-07-09 GMT+08:00
View PDF
Share

Process Overview

This section describes how to quickly enable database audit.

Background

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Create a database audit instance, connect the instance with the target database, and enable database audit.

Auditing Databases Using Agents

For a database whose type and version are listed in Table 1, you need to install an agent to enable the database audit.

Table 1 Database types and versions supported by database audit

Database Type

Edition

MySQL
  • 5.0, 5.1, 5.5, 5.6, 5.7
  • 8.0 (8.0.11 and earlier)
  • 8.0.30
  • 8.0.33
  • 8.0.35
  • 8.1.0
  • 8.2.0

Oracle
  • 11g

    11.1.0.6.0, 11.2.0.1.0, 11.2.0.2.0, 11.2.0.3.0, and 11.2.0.4.0

  • 12c

    12.1.0.2.0, 12.2.0.1.0

  • 19c

PostgreSQL
  • 7.4
  • 8.0, 8.1, 8.2, 8.3, 8.4
  • 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, 9.6
  • 10.0, 10.1, 10.2, 10.3, 10.4, 10.5
  • 11
  • 12
  • 13
  • 14

SQL Server
  • 2008
  • 2012
  • 2014
  • 2016
  • 2017

GaussDB(for MySQL)

8.0

DWS
  • 1.5
  • 8.1

DAMENG

DM8

KINGBASE

V8

SHENTONG

V7.0

GBase 8a

V8.5

GBase 8s

V8.8_3.3.0

Gbase XDM Cluster

V8.0

Greenplum

V6.0

HighGo

V6.0

GaussDB
  • 1.3 Enterprise Edition
  • 1.4 Enterprise Edition
  • 2.8 Enterprise Edition
  • 3.223 Enterprise Edition

MongoDB

V5.0

DDS

4.0

Hbase

(Supported by CTS instance 23.02.27.182148 and later versions)
  • 1.3.1
  • 2.2.3

Hive
  • 1.2.2
  • 2.3.9
  • 3.1.2
  • 3.1.3

MariaDB

10.6

TDSQL

10.3.17.3.0

Vastbase

G100 V2.2

TiDB
  • V4
  • V5
  • V6
  • V7
  • V8
Figure 1 Procedure for quickly configuring database audit
Table 2 Procedure for quickly configuring database audit

Step

Configuration

Description

1

Adding a Database

Purchase database audit. Add a database to the database audit instance and enable audit for the database.

2

Adding an Agent

Select an agent add mode.

Database audit supports auditing databases built on ECS, BMS, and RDS on Huawei Cloud. Select an agent add mode based on your database deployed on Huawei Cloud.

3

Adding Security Group Rules

Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the database audit instance to allow the agent to communicate with the audit instance.

4

Installing an Agent (Linux OS)

Download and then install the agent on the database or application based on the add mode you chose.

5

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

6

Viewing the Audit Results

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

NOTICE:

You can set database audit rules as required. For details, see Adding Audit Scope.

Deploying the Database Audit Agent in a Container

For a database of any types and versions, you can deploy the agent using a container to enable database audit.

For details, see Deploying the Database Audit Agent in a Container

Helpful Links

Verifying the Result

When you connect the added database to the database audit instance, database audit records all operations performed on the database. You can view the audit result on the database audit page.