Updated on 2024-03-06 GMT+08:00

Process Overview

Background

Database audit supports auditing user-installed databases on ECS/BMS as well as RDS databases on Huawei Cloud.

Auditing Databases Without Agents

Databases of some types and versions can be audited without using agents, as shown in Table 1.

Table 1 Agent-free relational databases

Database Type

Supported Edition

GaussDB(for MySQL)

All editions are supported by default.

RDS for SQLServer

All editions are supported by default.

RDS for MySQL

  • 5.6 (5.6.51.1 or later)
  • 5.7 (5.7.29.2 or later)
  • 8.0 (8.0.20.3 or later)

GaussDB(DWS)

  • 8.2.0.100 or later

PostGresql

  • 14 (14.4 or later)
  • 13 (13.6 or later)
  • 12 (12.10 or later)
  • 11 (11.15 or later)
  • 9.6 (9.6.24 or later)
  • 9.5 (9.5.25 or later)
  • DBSS without agents is easy to configure and use, but the following functions are not supported:
    • Successful and failed login sessions cannot be counted.
    • The port number of the client for accessing the database cannot be obtained.
  • GaussDB(DWS) has the permission control policy for the log audit function. Only Huawei Cloud accounts and users with the Security Administrator permission can enable or disable the DWS database audit function.
Figure 1 Agent-free auditing process
Table 2 Procedure for quickly configuring database audit

Step

Configuration

Description

1

Adding a Database

Purchase database audit. Add a database to the database audit instance and enable audit for the database.

Apply for database audit. Add a database to the database audit instance and enable audit for the database.

2

Enabling Database Audit

Enable database audit and connect the added database to the database audit instance.

3

Viewing the Audit Results

By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can view the audit result on the database audit page.

NOTICE:

You can set database audit rules as required. For details, see Adding Audit Scope.