Enabling Audit Service
Download
Focus Mode
Font Size
Tencent Cloud TDSQL-C for MySQL provides database audit capabilities, which record database access and SQL statement execution. This helps enterprises control risks and improve their data security level.
This document describes how to enable the audit service via the console.
Prerequisites
Supported Versions
Database audit currently supports database kernel versions TXSQL 5.7 2.0.15 and later versions, as well as TXSQL 8.0 3.0.1 and later versions.
Operation Steps
1. Log in to the TDSQL-C for MySQL console.
2. In the left sidebar, select Database Audit.
3. Select a region at the top, click the Audit Log Storage Status field on the Audit Instance page, and select Disabled to filter instances with the audit service disabled.
4. Locate the target instance in the audit instance list (you can also quickly find it by filtering with resource attributes in the search box), and click Enable Database Audit in its Operation column.
Note:
Batch enabling of the audit service is supported. On the audit instance list page, select multiple target instances and click Enable Database Audit at the top to go to the configuration page.
5. On the Enable Audit Service page, complete the following steps in sequence: select the audit instance, configure the audit rules, configure the audit service, read and select the Tencent Cloud Service Agreement, and click OK.
5.1 Select Audit Instance
Under the audit instance selection option, the system automatically selects the instances chosen in Step 4 by default. You can also modify the target instances in this window (select other instances or multiple instances) or quickly locate target instances in the search box by Instance ID / Name. After completing the instance selection, go to the audit rule configuration.
5.2 Audit Rule Settings
In the audit mode setting, you need to select either Full Audit or Rule-based Audit. A detailed comparison of the two is provided in the table below.
Parameter | Description |
Full Audit | Comprehensively records all access to the database and the execution of SQL statements. |
Rule-Based Audit | Rule-based auditing records access to the database and the execution of SQL statements based on custom audit rules. |
When
Full Audit
is selected as the audit type, perform the following operations.Select an existing template or create a new rule template from the rule templates. For detailed instructions on creating a new template, refer to Create Rule Template.
Note:
You can apply up to five rule templates, and different rule templates are in an "OR" relationship.
Rule templates for instances with the "Full Audit" type are used solely to set risk levels and alarm policies for audit logs that match the rules within the templates. Audit logs that do not match any rules are retained.
When the audit type is set to Rule-based Audit, you can select an existing rule template or create a new one from the rule templates. If you select an existing rule template, you can go directly to the audit service configuration. If no suitable rule exists in the rule templates, you can create a new rule template and refresh the list to select the newly created template. For detailed instructions, refer to Create Rule Template.
Note:
You can apply up to five rule templates, and different rule templates are in an "OR" relationship.
Rule templates for instances with the "Rule-based Audit" type are used to retain audit logs, set risk levels, and configure alarm policies for audit logs that match the rules within the templates. Audit logs that do not match any rules are not retained.
5.3
Configure Audit
Under the audit service configuration items, you need to set the retention period for audit logs and the storage duration for high and low frequencies, read and select the Tencent Cloud Service Agreement, and then click OK to enable the audit service.
Parameter | Description |
Log Retention Period | Set the retention period for audit logs. Unit: day. Supported values: 7, 30, -90, 180, 365, 1095, and 1825 days. |
Frequent Access Storage Period | Frequent access storage has the best query performance as it uses ultra high-performance storage media. Audit data is initially stored in frequent access storage for the time period specified here, after which it is automatically migrated to infrequent access storage. These two storage types only differ in performance but both support auditing. For example, if the log retention period is set to 30 days, and frequent access storage period is set to 7 days, then the infrequent access storage period will be 23 days by default. |
Related APIs
API | Description |
This API (OpenAuditService) is used to enable the database audit service for an instance. |
Help and Support
Was this page helpful?
You can also Contact sales or Submit a Ticket for help.
Help us improve! Rate your documentation experience in 5 mins.
Feedback