tencent cloud

フィードバック

Enabling Audit Service

最終更新日:2024-06-18 09:37:17
    TDSQL-C for MySQL provides database audit capabilities to help you record accesses to databases and executions of SQL statements, so you can manage risks and improve the database security. This document describes how to enable the audit service in the console.

    Prerequisite

    You have created a cluster. For more information, see Creating Cluster.
    To utilize the rule-based audit capability, please submit a service ticket.
    The event alarm function is currently only available in Beijing, Shanghai, Guangzhou, Chengdu, and Singapore. To use it, please submit a service ticket.
    For instances belonging to Full Audit, if it is necessary to set risk levels and alarm policies for audit logs, please submit a service ticket.

    Directions

    1. Log in to the TDSQL-C for MySQL console.
    2. On the left sidebar, click Database Audit.
    3. After selecting a region at the top, click on Audit Status on the Audit Instance page, and select the Disabled option to filter instances that have not enabled audit.
    
    4. Find the target instance in the audit instance list, or search for it by resource attribute in the search box, and click Enable Database Audit in the Operation column.
    Note:
    You can batch enable the audit service for multiple target instances by selecting them in the audit instance list and clicking Enable Database Audit above the list.
    
    5. On the Enable Database Audit page, configure Select Audit Instance, Audit Rule Settings, Configure Audit, read and indicate your consent to the Tencent Cloud Terms of Service, and click OK.
    5.1 Audit instance selection In the Select Audit Instance section, all instances selected in Step 4 are selected by default. You can select other or more target instances in this window or search for target instances by instance ID/name in the search box. Then, set the audit rule.
    
    5.2 Audit rule settings
    
    In the Audit Rule Settings section, select Full Audit or Rule-Based Audit. Their differences are as detailed below:
    Parameter
    Description
    Full Audit
    Full audit records all database accesses and SQL statement executions.
    Rule-Based Audit
    Rule-based audit records the access to the database and the execution of SQL statements based on the customized audit rules.
    When the audit mode is set to Full Audit, there are two actual operational scenarios in the console, for which you may refer to the corresponding procedures.
    Scenario 1: Risk level and alarm capability without applying for the use of full audit
    Scenario 2: Risk level and alarm capability after applying for the use of full audit
    Upon setting the audit mode to Full Audit, you may directly proceed to the audit service settings step.
    5.2.1 Select the exsiting template from the rule template or choose to create a rule template. For more information, please refer to Create Rule Template.
    5.2.2 Upon completion of the rule template setting, proceed to the Audit Service Setup step.
    Note:
    You may apply up to five rule templates, with the relationship between different rule templates being "or".
    The rule template is designed for instances of Full Audit mode, and is only used for setting risk levels and alarm policies for audit logs that match the rule content of the template. Audit logs that do not match the rule content are still retained.
    When the audit mode is set to Rule-Based Audit, you may select an existing rule template from the rule template or create a rule template. If an existing rule template from the rule template is chosen, you can directly proceed to the audit service settings. If there is no suitable rule templates in the rule template, you can refresh after creating a rule template, and then select the created one. For more information, please refer to create rule template.
    Note:
    You may apply up to five rule templates, with the relationship between different rule templates being "or".
    The rule template is designed for instances of Rule-Based Audit mode. It is used for log retainment and risk level and alarm policy settings of the audit logs that match the template rule content. Audit logs that do not match the rule content are no longer retained.
    5.3 
    Audit service settings
    In the Configure audit section, set the audit log retention period as well as frequent and infrequent access storage periods, read and indicate your content to the Tencent Cloud Terms of Service, and click OK.
    
    Parameter
    Description
    Log Retention Period
    The audit log retention period in days, which can be 7, 30, 90, 180, 365, 1,095, or 1,825 days.
    Frequent Access Storage Period
    Frequent access storage has the best query performance as it uses ultra high-performance storage media. Audit data is initially stored in frequent access storage for the time period specified here, after which it is automatically migrated to infrequent access storage. These two storage types only differ in performance but both support auditing. For example, if the log retention period is set to 30 days, and frequent access storage period is set to 7 days, then the infrequent access storage period will be 23 days by default.
    お問い合わせ

    カスタマーサービスをご提供できるため、ぜひお気軽にお問い合わせくださいませ。

    テクニカルサポート

    さらにサポートが必要な場合は、サポートチケットを送信して弊社サポートチームにお問い合わせください。24時間365日のサポートをご提供します。

    電話サポート(24 時間365日対応)