Updated on 2025-04-16 GMT+08:00

Process Overview

Context

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Auditing Databases Without Agents

Databases of some types and versions can be audited without using agents, as shown in Table 1.

Table 1 Agent-free relational databases

Type

Supported Edition

GaussDB for MySQL

All editions are supported by default.

RDS for SQLServer

All editions are supported by default.

RDS for MySQL

  • 5.6 (5.6.51.1 or later)
  • 5.7 (5.7.29.2 or later)
  • 8.0 (8.0.20.3 or later)

GaussDB(DWS)

  • 8.2.0.100 or later

PostgreSQL

NOTICE:

If the size of an SQL statement exceeds 4 KB, the SQL statement will be truncated during auditing. As a result, the SQL statement is incomplete.

  • 14 (14.4 or later)
  • 13 (13.6 or later)
  • 12 (12.10 or later)
  • 11 (11.15 or later)
  • 9.6 (9.6.24 or later)
  • 9.5 (9.5.25 or later)

RDS for MariaDB

All editions are supported by default.

  • DBSS without agents is easy to configure and use, but the following functions are not supported:
    • Successful and failed login sessions cannot be counted.
    • The port number of the client for accessing the database cannot be obtained.
  • GaussDB(DWS) has the permission control policy for the log audit function. Only Huawei Cloud accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.
Figure 1 Agent-free auditing process
Table 2 Procedure for quickly configuring database audit

Step

Configuration

Description

1

Adding a Database

After purchasing DBSS, you need to add the database to be audited to the instance.

2

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

3

Viewing the Audit Results

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

NOTICE:

You can set database audit rules as required. For details, see Adding Audit Scope.