TencentDB for PostgreSQL provides database audit capabilities to help you record accesses to databases and executions of SQL statements, so you can manage risks and improve the database security level.
Use Cases
Audit risks
Difficulty in tracing and locating security breaches due to incomplete audit logs.
Inability to meet the requirements defined by China's Classified Protection of Cybersecurity (Level 3).
Inability to meet the requirements defined by industry-specific information security compliance documents.
Administrative risks
Business system security risks caused by faulty, non-compliant, and unauthorized operations of technical personnel.
Faulty and malicious operations and tampering by third-party development and maintenance personnel.
Excessive permissions granted to the super administrator, which cannot be audited and monitored.
Technical challenges
SQL injection against the database system and malicious pulling of data from databases and tables.
Inability to quickly locate a sudden increase in database requests that do not appear in slow logs.
Billing Overview
TencentDB for PostgreSQL audit is currently in the invitation-based beta stage and is free of charge for now. Specific billing dates will be announced later. If you need to use it, please click Submit a Ticket.
Supported Versions
TencentDB for PostgreSQL audit is supported for dual-machine high-availability (one primary and one standby) master instances and read-only instances on PostgreSQL engine versions v11.12_r1.14, v12.7_r1.15, v13.3_r1.12, v14.2_r1.15, v15.1_r1.7, v16 and all later versions.
Prerequisites
Note:
To enable full database audit capabilities on TencentDB for PostgreSQL instances running legacy versions, upgrade the kernel minor version first.
Note that enabling or disabling the audit service requires a database restart.
Directions
2. In the left sidebar, select Database Audit.
3. After selecting a region above, on the audit instance page, click Audit Status to view the list of enabled and disabled audit instances.
4. In the audit instance list, find the target instance (you may also quickly search for it by filtering resource attributes in the search box). In its Operations column, click Enable Audit Service.
Note:
Batch enabling the audit service is supported. On the audit instance list page, check multiple target instances, and click Enable Audit Service above to enter the setting interface.
5. In the Enable Audit Service interface, sequentially complete Audit Instance Selection, Audit Rule Settings, Audit Service Settings, read and check Tencent Cloud Service Agreement, and then click OK.
5.1 Audit Instance Selection
Under Audit Instance Selection, the instances selected in Step 4 are checked by default. In this window, you can also change the selection (choose other instances or select multiple instances), or quickly search for target instances by instance ID/name in the search box. After completing the instance selection, you may proceed to Audit Rule Settings.
5.2 Audit Rule Settings
Under Audit Rule Settings, currently, only Full Audit is supported. In the Full Audit mode, the system records all access to the database and the execution of SQL statements. Audit logs support Fast Audit and Detailed Audit. For details, see Audit service description. After setting the audit rules, you may proceed to the Audit Service Settings.
5.3 Audit Service Settings
Under Audit Service Settings, you need to set Log Retention Period and Ultra-High-Performance Storage/Infrequent Access Storage Duration, read and check Tencent Cloud Service Agreement, and then click OK to activate the audit service.
| Parameter | Description |
|---|---|
| Log Retention Period | Sets the retention period of audit logs. Unit: day. Options: 7, 30, 90, 180, 365, 1090, 1825 days. |
| Ultra-High-Performance Storage Duration | Ultra-high-performance storage is the storage medium with the best query performance. Unit: day. After the Storage Duration is set, audit data within the specified duration is stored in ultra-high-performance storage. When data exceeds its specified period in ultra-high-performance storage, it automatically transitions to infrequent access storage. Both storage types support the same audit capabilities and differ only in performance. For example: if the Log Retention Period is set to 30 days and the Ultra-High-Performance Storage Duration is set to 7 days, then the Infrequent Access Storage Duration defaults to 23 days. |