Updated on 2026-07-07 GMT+08:00

Process Overview

Scenario

This section describes the types and versions of databases that support agent installation and agent-free protection, as well as the process of configuring database audit.

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Notes and Constraints

Databases That Do Not Need Agents

Databases of some types and versions can be audited without using agents, as shown in Table 1.

Table 1 Agent-free relational databases

Database Type

Supported Edition

TaurusDB

All editions are supported by default.

RDS for SQLServer

All editions are supported by default.

RDS for MySQL

  • 5.6 (5.6.51.1 or later)
  • 5.7 (5.7.29.2 or later)
  • 8.0 (8.0.20.3 or later)

DWS

  • 8.2.0.100 or later

PostgreSQL

NOTICE:

If the size of an SQL statement exceeds 4 KB, the SQL statement will be truncated during auditing. As a result, the SQL statement is incomplete.

  • 14 (14.4 or later)
  • 13 (13.6 or later)
  • 12 (12.10 or later)
  • 11 (11.15 or later)
  • 9.6 (9.6.24 or later)
  • 9.5 (9.5.25 or later)

RDS for MariaDB

All editions are supported by default.

  • DBSS without agents is easy to configure and use, but the following functions are not supported:
    • Successful and failed login sessions cannot be counted.
    • The port number of the client for accessing the database cannot be obtained.
  • Data Warehouse Service (DWS) has the permission control policy for the log audit function. Only Huawei Cloud accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.

Databases That Need Agents

Database audit supports the following database types and versions, as shown in Table 2.
Table 2 Database types and editions supported by database audit

Database Type

Edition

MySQL

  • 5.0, 5.1, 5.5, 5.6, and 5.7
  • 8.0 (8.0.11 and earlier)
  • 8.0.30
  • 8.0.33
  • 8.0.35
  • 8.1.0
  • 8.2.0

Oracle

  • 11g

    11.1.0.6.0, 11.2.0.1.0, 11.2.0.2.0, 11.2.0.3.0, and 11.2.0.4.0

  • 12c

    12.1.0.2.0, 12.2.0.1.0

  • 19c

PostgreSQL

  • 7.4
  • 8.0, 8.1, 8.2, 8.3, and 8.4
  • 9.0, 9.1, 9.2, 9.3, 9.4, 9.5, and 9.6
  • 10.0, 10.1, 10.2, 10.3, 10.4, and 10.5
  • 11
  • 12
  • 13
  • 14

SQL Server

  • 2008
  • 2012
  • 2014
  • 2016
  • 2017

TaurusDB

8.0

DWS

  • 1.5
  • 8.1

DAMENG

DM8

KINGBASE

V8

SHENTONG

V7.0

GBase 8a

V8.5

GBase 8s

V8.8

Gbase XDM Cluster

V8.0

Greenplum

V6.0

HighGo

V6.0

GaussDB

  • 1.3 Enterprise Edition
  • 1.4 Enterprise Edition
  • 2.8 Enterprise Edition
  • 3.223 Enterprise Edition

MongoDB

V5.0

DDS

4.0

Hbase

(Supported by CTS instance 23.02.27.182148 and later versions)

  • 1.3.1
  • 2.2.3

Hive

  • 1.2.2
  • 2.3.9
  • 3.1.2
  • 3.1.3

MariaDB

10.6

TDSQL

10.3.17.3.0

Vastbase

G100 V2.2

TiDB

  • V4
  • V5
  • V6
  • V7
  • V8

Configuring Database Audit

Create a database audit instance, connect the instance with the target database, and enable database audit.

Figure 1 Process
Table 3 Procedure of configuring database audit without installing agent

Step

Configuration

Description

1

Adding a Database

After purchasing DBSS, you need to add the database to be audited to the instance.

2

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

3

Viewing Audit Data

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

NOTICE:

You can set database audit rules as required. For details about how to configure an audit rule, see Configuring an Audit Scope Rule.

Figure 2 Process
Table 4 Procedure of configuring database audit by installing the agent

Step

Configuration

Description

1

Adding a Database

Purchase database audit. Add a database to the database audit instance and enable audit for the database.

2

Adding an Agent

Select an agent add mode.

Database audit supports auditing databases built on ECS, BMS, and RDS on Huawei Cloud. Select an agent add mode based on your database deployed on Huawei Cloud.

3

Adding Security Group Rules

Configure TCP (port 8000) and UDP (ports 7000 to 7100) in the security group inbound rule of the database audit instance to allow the agent to communicate with the audit instance.

4

Download and then install the agent on the database or application based on the add mode you chose.

5

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

6

Viewing Audit Data

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

NOTICE:

You can set database audit rules as required. For details about how to configure an audit rule, see Configuring an Audit Scope Rule.

Deploying the Database Audit Agent in a Container

For a database of any types and versions, you can deploy the agent using a container to enable database audit.

For details, see Deploying the Database Audit Agent in a Container

Verifying the Result

When you connect the added database to the database audit instance, database audit records all operations performed on the database. You can view the audit result on the database audit page.

References