Configuring Oracle RAC Cluster Audit

When using DBSS for an Oracle RAC cluster, each node in the cluster is regarded as an independent database and requires an agent to forward network traffic.

Configuration

The maximum number of audited databases depends on the DBSS edition you purchased. Before the configuration, check whether the maximum number of instances supported by the DBSS edition you purchased is greater than or equal to the number of RAC cluster nodes.

Example:

If your RAC cluster has no more than three nodes, you are advised to purchase the DBSS basic edition.
If your RAC cluster has no more than six nodes, you are advised to purchase the DBSS professional edition.
If your RAC cluster has more than six nodes, you are advised to purchase the DBSS advanced edition.

**Table 1** DBSS performance and specifications
Version	Maximum Databases	System Resource	Performance
Basic	3	CPU: 4 vCPUs Memory: 16 GB Disk: 500 GB	Peak QPS: 3,000 queries/second Database load rate: 3.6 million statements/hour Stores 400 million online SQL statements. Stores 5 billion archived SQL statements.
Professional	6	CPU: 8 vCPUs Memory: 32 GB Hard disk: 1000 GB	Peak QPS: 6,000 queries/second Database load rate: 7.2 million statements/hour Stores 600 million online SQL statements. Stores 10 billion archived SQL statements.
Advanced	30	CPU: 16 vCPUs Memory: 64 GB Hard disk: 2000 GB	Peak QPS: 30,000 queries/second Database load rate: 10.80 million statements/hour Stores 1.5 billion online SQL statements. Stores 60 billion archived SQL statements.

Configuration Process

To configure the RAC cluster audit, you just need to add a database and an agent.

Click to enlarge

Prerequisites

You have purchased a DBSS instance.
You have obtained the Public-IPs and VIPs of all nodes in the cluster.
Example: The Oracle RAC cluster for which DBSS is to be enabled has three nodes.

Procedure

Log in to the Huawei Cloud management console and choose Database Security Service. Choose Database Audit > Databases. The Databases page is displayed.
In the instance drop-down list, select an instance. In the upper left corner of the database list, click Add Database.

In the dialog box that is displayed, enter the information about the RAC cluster database.

Example: Add a database to the RAC cluster node RAC-Node-01.

Figure 1 Adding an Oracle database
Click to enlarge

**Table 2** Parameters
Parameter	Description	Example Value
Database Type	Type of the database to be added, which can be RDS or Self-built database.	Self-built database
Type	Supported database type. NOTE: If ORACLE is selected, to make the audit settings take effect, restart the applications to be audited and log in to the database again.	ORACLE
Name	Name of the database to be added	test01
IP Address	IP address of the database to be added. Set this parameter to the VIP field of the cluster node.	172.16.0.50
Port	Open port of the database to be added. The default port number of Oracle databases is 1521.	1521
Version	Supported database version. If Type is set to ORACLE, the following database versions are supported: 11g 12c 19c	11g
Instance	Database instance to be audited. NOTE: If the instance name is not specified, all instances in the database will be audited. You can specify up to five instance names and use semicolons (;) to separate the names.	-
Character Set	Supported encoding format of the database character set. The options are as follows: UTF-8 GBK	UTF-8
OS	Operating system of the added database. The options are as follows: LINUX64 WINDOWS64	LINUX64

Confirm the information and click OK. The database is added to the node RAC-Node-01.

Repeat Step 3 to add databases to the node RAC-Node-02 and RAC-Node-03 in sequence. After all databases are added, view the database list, as shown in Figure 2.

Example: Databases (test01, test02, and test03) have been added to all nodes in the cluster.
Figure 2 Database list
Locate a database name, and click Add in the Agent column.

Example: Add an agent to the database test01.
Figure 3 Adding an agent

In the dialog box that is displayed, enter the information about the agent to be added, as shown in Table 3.

Example: Add an agent to the node RAC-Node-01.

Figure 4 Adding an agent
Click to enlarge

**Table 3** Parameters for adding an agent for the first time
Parameter	Description	Example Value
Add Mode	Method of adding an agent. The options are as follows: Select an existing agent Create an agent	Create an agent
Installing Node Type	This parameter is mandatory when Add Mode is set to Create an agent. The options are as follows: Database Application	Application
Installing Node IP Address	This parameter is mandatory if Installing Node Type is set to Application. If the agent is added to an RAC cluster node, enter the Public-IP field of the node.	172.16.0.55
Audited NIC Name	Optional. This parameter is configurable when Installing Node Type is set to Application. Name of the network interface card (NIC) of the application node to be audited	test-rac-01
CPU Threshold (%)	Optional. This parameter is configurable when Installing Node Type is set to Application. CPU threshold of the application node to be audited. The default value is 80. NOTICE: If the CPU usage of a server exceeds the threshold, the agent on the server will stop running.	80
Memory Threshold (%)	Optional. This parameter is configurable when Installing Node Type is set to Application. Memory threshold of the application node to be audited. The default value is 80. NOTICE: If the memory usage of your server exceeds the threshold, the agent will stop running.	80
OS	Optional. This parameter is configurable when Installing Node Type is set to Application. OS of the application node to be audited. The value can be LINUX64 or WINDOWS64.	LINUX64_X86

Click OK. The agent is added to the node RAC-Node-01.

Repeat Step 6 to add agents to the node RAC-Node-02 and RAC-Node-03 of the database test01. Expand the details of the database test01 to view all added agents, as shown in Figure 5.

Example: The agent has been added to all the nodes in the database test01 of the RAC cluster. The agent IDs are as follows: p7U_dIQBUQf7E9XurmjX, rLVIdIQBUQf7E9Xug2iQ, rrVIdIQBUQf7E9Xu3Wja

Figure 5 Viewing the added agents
Add agents to the databases test02 and test03.

Locate the database test02, and click Add in the Agent column.

In the dialog box that is displayed, enter the information about the agent to be added, as shown in Table 4.

Example: Add an agent to the database test02.

Select the agent that has been added to the database test01 and add it to the database test02.

Figure 6 Adding an existing agent
Click to enlarge

**Table 4** Parameters for adding an existing agent
Parameter	Description	Example Value
Add Mode	Method of adding an agent. The options are as follows: Select an existing agent Create an agent	Selecting an existing agent
Database Name	Select a database that has added an agent. Example: test01	test01
AgentID	Select an agent ID of the selected database. Example: Three nodes of the database test01 have added agents. You need to select one agent at a time and add the three agents in sequence.	p7U_dIQBUQf7E9XurmjX

Click OK. An existing agent is added to the database test02.

Repeat Step 8 and Step 9 to add the other two agents. After the agents are added, check whether the database test01 and test02 contain the same agents.

Figure 7 Checking the agent information
Repeat Step 8 to Step 10 to add agents to the database test03. Ensure that the agents of all databases in the RAC cluster are the same.

Example: After the cluster is deployed, add the the same agents to the databases test01, test02, and test03 and ensure that the number of agents in each database is the same as the number of nodes in the cluster.
Figure 8 Checking the agent information
After the cluster databases and agents are configured, you can add security group rules, download and install agents, and enable the audit function.

For details, see Adding a Security Group Rule, Downloading and Installing an Agent, and Enabling Database Audit.