- Release Notes and Announcements
- Release Notes
- Open-Source Plugin Privilege Escalation Has Vulnerability Risk for PostgreSQL
- Announcements
- Security Risk Statement for Creating Partial Plugins in PostgreSQL Cloud Database
- TencentDB for PostgreSQL Will Start Billing for Backup Space
- Some Extensions on Lower Kernel Version Can't Be Created and Upgraded in TencentDB for PostgreSQL
- Announcement on the Risk of Privilege Escalation Vulnerability in Cloud Database PostgreSQL Open Source Plugin
- Product Introduction
- Purchase Guide
- Getting Started
- Kernel Version Introduction
- Operation Guide
- Instance Management
- Instance Lifecycle
- Setting Instance Maintenance Time
- Modifying Instance Configuration
- Setting instance availability zone for disaster recovery or region disaster recovery
- Modifying AZs
- Terminating Instances
- Restoring Instances
- Eliminating Instances
- Restarting Instances
- Modifying Data Replication Mode
- Switch Source-Replica Instance
- Upgrading Instance
- Read-Only Instance
- Account Management
- Database Management
- Database Optimization
- Parameter Management
- Log management
- Backup and Restoration
- Backup Principles and Solutions
- Backing up Data
- Downloading Backup
- Cloning Instance
- Automatic Backup Settings
- Restoring PostgreSQL Data on CVMs
- Deleting Backup
- Viewing Backup Space
- Setting Backup Download Rules
- Use Serverless Cloud Function to Transfer Historical Backups of PostgreSQL
- Rollback to the Original Instance
- Data Migration
- Database Audit
- Extension Management
- Network Management
- Access Management
- Data Encryption
- Tenant and Resource Isolation
- Security Groups
- Monitoring and Alarms
- Tag
- Instance Management
- PostgreSQL for Serverless
- MSSQL Compatible Version
- Practical Tutorial
- postgres_fdw Extension for Cross-database Access
- Automatically Creating Partition in PostgreSQL
- Searching in High Numbers of Tags Based on pg_roaringbitmap
- Querying People Nearby with One SQL Statement
- Configuring TencentDB for PostgreSQL as GitLab's External Data Source
- Supporting Tiered Storage Based on cos_fdw Extension
- Implement Read/Write Separation via pgpool
- Analyzing Slow SQL Using the auto_explain Plugin
- Using pglogical for Logical Replication
- Performance White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CreateInstances
- DescribeDBInstances
- DescribeDBInstanceAttribute
- DescribeEncryptionKeys
- DescribeDBInstanceHAConfig
- SwitchDBInstancePrimary
- ModifyDBInstanceName
- ModifyDBInstanceSpec
- ModifyDBInstanceDeployment
- UpgradeDBInstanceKernelVersion
- ModifyDBInstanceHAConfig
- ModifyDBInstanceChargeType
- ModifyDBInstancesProject
- ModifySwitchTimePeriod
- RenewInstance
- SetAutoRenewFlag
- RestartDBInstance
- IsolateDBInstances
- DisIsolateDBInstances
- DestroyDBInstance
- CreateDBInstances
- InitDBInstances
- UpgradeDBInstance
- UpgradeDBInstanceMajorVersion
- Read-only Replica APIs
- Backup and Recovery APIs
- DescribeAvailableRecoveryTime
- DescribeCloneDBInstanceSpec
- CloneDBInstance
- RestoreDBInstanceObjects
- DescribeBackupOverview
- DescribeBackupSummaries
- DescribeBackupPlans
- ModifyBackupPlan
- CreateBaseBackup
- DescribeBaseBackups
- ModifyBaseBackupExpireTime
- DeleteBaseBackup
- DescribeLogBackups
- DeleteLogBackup
- DescribeBackupDownloadURL
- DescribeBackupDownloadRestriction
- ModifyBackupDownloadRestriction
- DescribeDBXlogs
- DescribeDBBackups
- Parameter Management APIs
- Security Group APIs
- Performance Optimization APIs
- Account APIs
- Specification APIs
- PostgreSQL for Serverless APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Open-Source Plugin Privilege Escalation Has Vulnerability Risk for PostgreSQL
- Announcements
- Security Risk Statement for Creating Partial Plugins in PostgreSQL Cloud Database
- TencentDB for PostgreSQL Will Start Billing for Backup Space
- Some Extensions on Lower Kernel Version Can't Be Created and Upgraded in TencentDB for PostgreSQL
- Announcement on the Risk of Privilege Escalation Vulnerability in Cloud Database PostgreSQL Open Source Plugin
- Product Introduction
- Purchase Guide
- Getting Started
- Kernel Version Introduction
- Operation Guide
- Instance Management
- Instance Lifecycle
- Setting Instance Maintenance Time
- Modifying Instance Configuration
- Setting instance availability zone for disaster recovery or region disaster recovery
- Modifying AZs
- Terminating Instances
- Restoring Instances
- Eliminating Instances
- Restarting Instances
- Modifying Data Replication Mode
- Switch Source-Replica Instance
- Upgrading Instance
- Read-Only Instance
- Account Management
- Database Management
- Database Optimization
- Parameter Management
- Log management
- Backup and Restoration
- Backup Principles and Solutions
- Backing up Data
- Downloading Backup
- Cloning Instance
- Automatic Backup Settings
- Restoring PostgreSQL Data on CVMs
- Deleting Backup
- Viewing Backup Space
- Setting Backup Download Rules
- Use Serverless Cloud Function to Transfer Historical Backups of PostgreSQL
- Rollback to the Original Instance
- Data Migration
- Database Audit
- Extension Management
- Network Management
- Access Management
- Data Encryption
- Tenant and Resource Isolation
- Security Groups
- Monitoring and Alarms
- Tag
- Instance Management
- PostgreSQL for Serverless
- MSSQL Compatible Version
- Practical Tutorial
- postgres_fdw Extension for Cross-database Access
- Automatically Creating Partition in PostgreSQL
- Searching in High Numbers of Tags Based on pg_roaringbitmap
- Querying People Nearby with One SQL Statement
- Configuring TencentDB for PostgreSQL as GitLab's External Data Source
- Supporting Tiered Storage Based on cos_fdw Extension
- Implement Read/Write Separation via pgpool
- Analyzing Slow SQL Using the auto_explain Plugin
- Using pglogical for Logical Replication
- Performance White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CreateInstances
- DescribeDBInstances
- DescribeDBInstanceAttribute
- DescribeEncryptionKeys
- DescribeDBInstanceHAConfig
- SwitchDBInstancePrimary
- ModifyDBInstanceName
- ModifyDBInstanceSpec
- ModifyDBInstanceDeployment
- UpgradeDBInstanceKernelVersion
- ModifyDBInstanceHAConfig
- ModifyDBInstanceChargeType
- ModifyDBInstancesProject
- ModifySwitchTimePeriod
- RenewInstance
- SetAutoRenewFlag
- RestartDBInstance
- IsolateDBInstances
- DisIsolateDBInstances
- DestroyDBInstance
- CreateDBInstances
- InitDBInstances
- UpgradeDBInstance
- UpgradeDBInstanceMajorVersion
- Read-only Replica APIs
- Backup and Recovery APIs
- DescribeAvailableRecoveryTime
- DescribeCloneDBInstanceSpec
- CloneDBInstance
- RestoreDBInstanceObjects
- DescribeBackupOverview
- DescribeBackupSummaries
- DescribeBackupPlans
- ModifyBackupPlan
- CreateBaseBackup
- DescribeBaseBackups
- ModifyBaseBackupExpireTime
- DeleteBaseBackup
- DescribeLogBackups
- DeleteLogBackup
- DescribeBackupDownloadURL
- DescribeBackupDownloadRestriction
- ModifyBackupDownloadRestriction
- DescribeDBXlogs
- DescribeDBBackups
- Parameter Management APIs
- Security Group APIs
- Performance Optimization APIs
- Account APIs
- Specification APIs
- PostgreSQL for Serverless APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
TencentDB for PostgreSQL provides database audit capabilities to help you record accesses to databases and executions of SQL statements, so you can manage risks and improve the database security level.
Use Cases
Audit risks
Difficulty in tracing and locating security breaches due to incomplete audit logs.
Inability to meet the requirements defined by China's Classified Protection of Cybersecurity (Level 3).
Inability to meet the requirements defined by industry-specific information security compliance documents.
Administrative risks
Business system security risks caused by faulty, non-compliant, and unauthorized operations of technical personnel.
Faulty and malicious operations and tampering by third-party development and maintenance personnel.
Excessive permissions granted to the super administrator, which cannot be audited and monitored.
Technical challenges
Database system SQL injections and maliciously pull data from databases and tables.
Inability to quickly locate the sudden increase of database requests that are not slow logs.
Billing Overview
TencentDB for PostgreSQL audit is currently in the invitation-based beta stage and it is free of charge now. Specific billing dates will be notified later. If you need to use it, please click Submit a Ticket.
Supported Versions
TencentDB for PostgreSQL audit is supported for dual-machine high-availability (one primary and one standby) master instances and read-only instances on PostgreSQL engine versions v11.12_r1.14, v12.7_r1.15, v13.3_r1.12, v14.2_r1.15, v15.1_r1.7, v16 and all later versions.
Prerequisites
Note:
For legacy versions of TencentDB for PostgreSQL instances that need to enable full database audit capabilities, please upgrade the kernel minor version first.
Enabling and disabling the audit service requires a database restart. Please be aware.
Directions
1. Log in to TencentDB for PostgreSQL Console.
2. In the left sidebar, select Database Audit.
3. After selecting a region above, on the audit instance page, click Audit Status to view the list of enabled and disabled audit instances.
4. In the audit instance list, find the target instance (you may also quickly search for it by filtering resource attributes in the search box). In its Operations column, click Enable Audit Service.
Note:
Batch enabling the audit service is supported. On the audit instance list page, check multiple target instances, and click Enable Audit Service above to enter the setting interface.
5. In the Enable Audit Service interface, sequentially complete Audit Instance Selection, Audit Rule Settings, Audit Service Settings, read and check Tencent Cloud Service Agreement, and then click OK.
5.1 Audit Instance Selection
Under the Audit Instance Selection, the system by default checks the instances selected in Step 4. Also, in this window, instance modifications (other instance selections, multiple selections) are supported. Or, in the search box, quickly search for target instances by instance ID/Name. After completing the instance selection, you may proceed to Audit Rule Settings.
5.2 Audit Rule Settings
Under Audit Rule Settings, currently, only Full Audit is supported. In the Full Audit mode, the system records all access to the database and the execution of SQL statements. Audit logs support Fast Audit and Detailed Audit. For details, see Audit service description. After setting the audit rules, you may proceed to the Audit Service Settings.
5.3 Audit Service Settings
Under Audit Service Settings, you need to set Log Retention Period and Ultra-High-Performance Storage/Infrequent Access Storage Duration, read and check Tencent Cloud Service Agreement, and then click OK to activate the audit service.
Parameter | Description |
Log Retention Period | Setting the retention period of audit logs. Unit: day. Offering selections of 7, 30, 90, 180, 365, 1090, 1825 days. |
Ultra-High-Performance Storage Duration | Ultra-high-performance storage represents an ultra high performance storage medium with the best query performance. Unit: day. After setting the Storage Duration, audit data within the specified duration will be stored in ultra-high-performance storage. When data exceeds its specified period in ultra-high-performance storage, it will automatically transition to infrequent access storage. Different storages support the same audit capabilities, only differing in performance. For example: If the Log Retention Period is set to 30 days, and the Ultra-High-Performance Storage Duration is set to 7 days, then the Infrequent Access Storage Duration defaults to 23 days. |
Yes
No
Was this page helpful?