Unable to Query Logs on the Audit Log Page

Last updated: 2024-10-16 16:43:53

    Symptom Description

    Despite purchasing CDS, you are unable to query audit logs on the Audit Log page.
    

    Possible Causes

    1. The corresponding database is not correctly added or audit permissions are not enabled.
    2. The database is running locally and not connected to the network.
    3. The database has SSL encryption enabled.
    4. The agent is not correctly deployed.

    Solutions

    Troubleshoot according to each of the above four possible causes one by one.

    Directions

    Troubleshoot according to the following steps in sequence, until you discover the cause and resolve the problem.

    Step 1: Check if the corresponding asset has been correctly added and audit permissions are enabled.

    1. Check if the corresponding database has been added on the Data Assets page and audit permissions have been enabled. Only databases that have been added and have audit permissions enabled can be audited correctly.
    
    2. Check if the IP address of the added asset matches the IP address in the client's connection string. For example, if the added asset IP is a private IP address, but the client uses a public IP address to access the database, the operation cannot be audited. The public IP address must also be configured in the data assets for the audit feature to function correctly. For database clusters, if the configuration is set to the primary node address but the database is accessed via the cluster address, the operation cannot be audited; the configuration should be set to the cluster address to audit the operation correctly.
    

    Step 2: Check If It Is Local Audit.

    CDS obtains logs by capturing network traffic through the agent. If you log in with the MySQL command directly on the database server where the agent is installed, without going through the network, the data cannot be audited. Data can be audited if the MySQL command includes the -h 127.0.0.1 parameter and an asset with the matching IP has been added on the Data Assets page with audit permission enabled.

    Step 3: Check If a Database Has SSL Encryption Enabled

    If the database has SSL enabled, then the traffic data packets are encrypted, and CDS cannot decrypt them.
    1. In the database, run the following command to check whether SSL encryption is enabled.
    Description:
    This command applies to MySQL databases only; for other database types, look up the equivalent check.
        show global variables like '%ssl%';
    2. If the value of have_ssl is YES, SSL is enabled, and you need to disable SSL to allow auditing.
    

    Step 4: Troubleshoot If the Agent Has Been Correctly Deployed.

    1. Check if you used the correct agent installation package. Make sure the agent installation package corresponding to the deployment location is installed, so that auditing can be performed normally.
    Description:
    The downloaded agent package name is dsaagent_<deployment location>_<operating system>_xxx.zip. The installation package names for different operating systems are as follows:
    dsaagent_innernet_linux_xxx.zip is for a Linux system agent on Tencent Cloud's private network.
    dsaagent_outnet_win_xxx.zip is for a Windows system agent not on Tencent Cloud.
    2. For agents on Tencent Cloud private network, you need to connect the VPC before downloading the agent that is to be deployed (enable the audit permission for the VPC asset to establish the connection). You can view the connected VPC in the VPC Upstream List.
    
    3. For agents not on Tencent Cloud, you can Contact Us and provide the public IP address of the host machine for the agent, and we will add it to the allowlist.
    4. For agents to be deployed on a machine with Windows operating system, make sure that there are no spaces in the installation directory.
    5. For agents to be deployed on an application server, check if the server has executed SQL operations on the database to be audited. SQL operations executed on other servers cannot be captured by this agent.
    If there are still no logs after you troubleshoot according to the above steps, you can Contact Us and provide the public IP address of the host machine for the agent. We will provide further support for you.
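
The four steps above can be run as one offline triage pass. This is an added example, not Tencent Cloud code. The function names, the way the inputs are collected (asset list copied by hand from the Data Assets page, tab-separated `mysql` batch output pasted in) and the sample IPs are assumptions; the package-name tokens are the ones shown in Step 4.

```python
import re

# Name pattern given on the page: dsaagent_<deployment location>_<operating system>_xxx.zip
PKG_RE = re.compile(r"^dsaagent_(innernet|outnet)_(linux|win)_.+\.zip$")

def ssl_enabled(show_variables_output):
    """Parse tab-separated batch output of: show global variables like '%ssl%';"""
    for line in show_variables_output.splitlines():
        parts = line.split("\t")
        if len(parts) == 2 and parts[0].strip() == "have_ssl":
            return parts[1].strip().upper() == "YES"
    return False

def triage(assets, client_host, ssl_output, package, location, os_name, install_dir):
    """Return the possible causes from Steps 1-4 that apply.

    assets: {asset IP: audit permission enabled}, copied from the Data Assets page.
    client_host: host in the client's connection string, or None for a local
    login without -h (no network traffic for the agent to capture).
    """
    causes = []
    if client_host is None:
        causes.append("step2: local login without -h, no traffic to capture")
    elif client_host not in assets:
        causes.append("step1: %s is not an added asset" % client_host)
    elif not assets[client_host]:
        causes.append("step1: audit permission not enabled for %s" % client_host)
    if ssl_enabled(ssl_output):
        causes.append("step3: have_ssl is YES, packets are encrypted")
    m = PKG_RE.match(package)
    if not m or m.groups() != (location, os_name):
        causes.append("step4: package does not match %s/%s" % (location, os_name))
    if os_name == "win" and " " in install_dir:
        causes.append("step4: Windows installation directory contains spaces")
    return causes

if __name__ == "__main__":
    # Constructed sample: asset added by private IP, client connects by public IP.
    sample_ssl = "Variable_name\tValue\nhave_openssl\tYES\nhave_ssl\tYES\n"
    for cause in triage({"10.0.0.5": True}, "203.0.113.7", sample_ssl,
                        "dsaagent_innernet_linux_xxx.zip", "innernet", "linux", "/opt/dsaagent"):
        print(cause)
```

An empty list means none of the four causes was detected from the supplied inputs.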
    