Configuring an Audit Scope Rule
By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance.
You can also set an audit scope and specify the databases to be audited.
You can check the audit scope rule list and enable, disable, edit, or delete these rules.
Prerequisites
- The database audit instance is in the Running state.
- Before enabling, editing, or deleting the audit scope, ensure that the status of audit scope is Disabled.
- Before disabling the audit scope, ensure that the status of audit scope is Enabled.
Constraints and Limitations
- By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default. You can disable it but cannot delete it.
- By default, the full audit rule takes effect even if other rules exist. To make another audit rule take effect, disable the full audit rule first.
Configuring an Audit Scope Rule
- Log in to the DBSS console.
- Click
in the upper left corner on the displayed page and select a region. - In the Instance drop-down list, select an instance.
- In the navigation tree on the left, choose Rules.
Checking the Audit Scope Rule List
Check the audit scope rule list. For details, see Table 1.
| Parameter | Description |
|---|---|
| Name | Name of the audit scope |
| Excluded IP Addresses (Optional) | Whitelisted IP addresses within the audit scope |
| Source IP Address (Optional) | IP address or IP address range used for accessing the database |
| Source Port (Optional) | Port number of the IP address to be audited |
| Database Name | Database in the audit scope |
| Database Account (Optional) | Database username |
| Status | Status of the audit scope. The options are as follows:
|
Adding an Audit Scope Rule
- Add Audit Scope above the audit scope list.
- In the displayed dialog box, set the audit scope, as shown in Figure 2. For details about related parameters, see Table 2.
Table 2 Parameters Parameter
Description
Example Value
Name
Name of the custom audit scope
audit00
Database Name
Select a database or ALL.
db03
Operation Type (Optional)
Audited operation type. It can be Login or Operation.
When you select the Operation check box, you can select All operations or the operations in DDL, DML, and DCL.
NOTE:The operation type of agent-free audit depends on the recognition result of RDS. For example, CREATE USER and CREATE TABLE statements may be recognized as CREATE, DROP USER and DROP TABLE statements may be recognized as DROP, and SELECT FOR UPDATE statements may be recognized as SELECT. For details about how to view the operation type of an SQL statement, see Viewing SQL Statement Details.
Login
Database Account (Optional)
(Optional) Database username.
You can specify multiple accounts, separated by commas (,).
-
Excluded IP Addresses (Optional)
(Optional) IP addresses that do not need to be audited.
NOTE:If an IP address is set as both a source and an exception IP address, the IP address will not be audited.
-
Source IP Address (Optional)
(Optional) IP address or IP address range used for accessing the database to be audited
The IP address must be an internal IP address in IPv4 or IPv6 format.
-
Source Port (Optional)
(Optional) Port number used for accessing the database to be audited
-
- Click OK.
After the audit scope is added, it will be displayed in the audit scope list and in the Enabled state.
Enabling an Audit Scope Rule
In the Operation column of an audit scope rule, click Enable. Database audit will be performed on the databases within the scope.
Disabling an Audit Scope Rule
- In the Operation column of an audit scope rule, click Disable.
- In the displayed dialog box, click OK.
When the audit scope is disabled, the audit scope rule will not be executed in the audit.
Editing an Audit Scope Rule
Only custom audit scope rules can be edited.
- In the Operation column of an audit scope rule, click Edit.
- In the displayed dialog box, modify the audit scope and click OK.
Deleting an Audit Scope Rule
Only custom audit scope rules can be deleted.
- In the Operation column of an audit scope rule, click Delete.
- In the displayed dialog box, enter DELETE and click OK.
To set a database audit scope for the instance after the deletion, add an audit scope rule again.
References
- You can add a custom SQL rule to audit all the database connected to database audit. For details, see Configuring SQL Injection Rules.
- You can add a risky operation rule to audit risky operations on databases. For details, see Managing Risky Operation Rules.
- To mask sensitive information in entered SQL statements, you can enable the function of masking privacy data and configure masking rules to prevent sensitive information leakage. For details, see Configuring Privacy Data Protection Rules.
- You can add trusted SQL statements to the whitelist. Database audit will ignore whitelisted SQL statements. For details, see Configuring SQL Whitelist.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
