vpruthi/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
doc-exports/docs/dws/umn/dws_01_0075.html
Lu, Huayi 95132e24fc DWS UMN 830.201_new version 
Reviewed-by: Pruthi, Vineet <vineet.pruthi@t-systems.com>
Reviewed-by: Rechenburg, Matthias <matthias.rechenburg@t-systems.com>
Co-authored-by: Lu, Huayi <luhuayi@huawei.com>
Co-committed-by: Lu, Huayi <luhuayi@huawei.com>
2024-05-27 11:54:34 +00:00

90 lines
16 KiB
HTML
Raw Blame History

<a name="EN-US_TOPIC_0000001659054638"></a><a name="EN-US_TOPIC_0000001659054638"></a>
<h1 class="topictitle1">Configuring the Database Audit Logs</h1>
<div id="body8662426"><div class="section" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_section6488541984957"><h4 class="sectiontitle">Prerequisites</h4><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p58331571154817">Database audit logs are configured on the <span class="wintitle" id="EN-US_TOPIC_0000001659054638__wintitle9276192271312"><b>Security Settings</b></span> page. You can change security settings only when the cluster status is <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue14276132291317"><b>Available</b></span> and <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue1827662217133"><b>Unbalanced</b></span>, and <strong id="EN-US_TOPIC_0000001659054638__b13276422181310">Task Information</strong> cannot be <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue7277162216136"><b>Creating snapshot</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue1927712261310"><b>Scaling out</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue17277192221313"><b>Changing all specifications</b></span>, <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue327802215134"><b>Configuring</b></span>, or <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__parmvalue20278142213138"><b>Restarting</b></span>.</p>
</div>
<div class="section" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_section37372909114419"><h4 class="sectiontitle">Procedure</h4><ol id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_ol267491114451"><li id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_li6029015714233"><span>Log in to the GaussDB(DWS) management console.</span></li><li id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_li5247206216936"><span>Choose <strong id="EN-US_TOPIC_0000001659054638__b62761221175827">Clusters</strong> &gt; <strong id="EN-US_TOPIC_0000001659054638__b115740246475827">Dedicated Cluster</strong>.</span></li><li id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_li56042532161016"><span>In the cluster list, click the name of a cluster. Choose <span class="uicontrol" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_udf89249ddef8485cb36505e6a36c9ea2"><b>Security</b></span>.</span><p><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_acd408f2d5b6d4c0497661b26abb85340">By default, <span class="parmname" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p70fd7664fdd0405383e5c3271bf5c9fa"><b>Configuration Status</b></span> is <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p4ca217a541e0402b9ad4d94f958ece9d"><b>Synchronized</b></span>, which indicates that the latest database results are displayed.</p>
</p></li><li id="EN-US_TOPIC_0000001659054638__li11420105513419"><span>In the <span class="parmname" id="EN-US_TOPIC_0000001659054638__parmname55426352512"><b>Audit Settings</b></span> area, set the audit items:</span><p><div class="note" id="EN-US_TOPIC_0000001659054638__note4526191033219"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="EN-US_TOPIC_0000001659054638__p849517227447">The default audit log retention policy is space-first, which means audit logs will be automatically deleted when the size of audit logs on a single node exceeds 1 GB. This function prevents node faults or low performance caused by high disk space occupied by audit logs.</p>
</div></div>
<p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p6958835115158"><a href="#EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table48954270153356">Table 1</a> describes the detailed information about the audit items.</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table48954270153356"></a><a name="en-us_topic_0000001372999374_en-us_topic_0000001098656870_table48954270153356"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table48954270153356" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Audit items</caption><thead align="left"><tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row11786533153356"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.2.2.4.2.3.2.3.1.1"><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p15185148153356">Audit Item</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.2.2.4.2.3.2.3.1.2"><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p22037438153356"><strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b842352706191716_3">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row40202069153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p35142185153356">Unauthorized access</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p27944737153356">Specifies whether to record unauthorized operations. This parameter is disabled by default.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row48931238153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p4007327153356">DML operations</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p5704152115233">Specifies whether to record <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b7769153413314">INSERT</strong>, <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b8770834103313">UPDATE</strong>, and <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b1477043463312">DELETE</strong> operations on tables. This parameter is disabled by default.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row15098169153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p14992206153356">SELECT operations</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p1420151697">Specifies whether to record the <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b151641596594749">SELECT</strong> operation. This parameter is disabled by default.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row41792394153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p29740772153356">Stored procedure executions</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p60192322153356">Specifies whether to record operations when executing the stored procedure or user-defined functions. This parameter is disabled by default.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row43739917153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p53272364153356">COPY operations</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p20094216153356">Specifies whether to record the <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b46630216153356">COPY</strong> operation. This parameter is disabled by default.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row18951113153356"><td class="cellrowborder" valign="top" width="30%" headers="mcps1.3.2.2.4.2.3.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p58645179153356">DDL operations</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.3.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p1182114653320">Specifies whether to record the <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b84235270695347">CREATE</strong>, <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b84235270695352">DROP</strong>, and <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b84235270695356">ALTER</strong> operations of specified database objects. <span class="parmname" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_parmname1346420704102813"><b>DATABASE</b></span>, <span class="parmname" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_parmname297077118102813"><b>SCHEMA</b></span>, and <span class="parmname" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_parmname1289243348102813"><b>USER</b></span> are selected by default.</p>
</td>
</tr>
</tbody>
</table>
</div>
<p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p54254298153654">Except the audit items listed in <a href="#EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table48954270153356">Table 1</a>, key audit items in <a href="#EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table24262392153654">Table 2</a> are enabled by default on GaussDB(DWS).</p>
<div class="tablenoborder"><a name="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table24262392153654"></a><a name="en-us_topic_0000001372999374_en-us_topic_0000001098656870_table24262392153654"></a><table cellpadding="4" cellspacing="0" summary="" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_table24262392153654" frame="border" border="1" rules="all"><caption><b>Table 2 </b>Key audit items</caption><thead align="left"><tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row1697543153654"><th align="left" class="cellrowborder" valign="top" width="30%" id="mcps1.3.2.2.4.2.5.2.3.1.1"><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p3283271153654"><strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b84235270692541_5">Parameter</strong></p>
</th>
<th align="left" class="cellrowborder" valign="top" width="70%" id="mcps1.3.2.2.4.2.5.2.3.1.2"><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p64618408153654"><strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b842352706191716_5">Description</strong></p>
</th>
</tr>
</thead>
<tbody><tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row66708561153654"><td class="cellrowborder" rowspan="5" valign="top" width="30%" headers="mcps1.3.2.2.4.2.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p34684395153654">Key audit items</p>
</td>
<td class="cellrowborder" valign="top" width="70%" headers="mcps1.3.2.2.4.2.5.2.3.1.2 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p51991696153654">Records successful and failed logins and logout.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row65272081153654"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.4.2.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p52547180153654">Records database startup, stop, recovery, and switchover.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row3162576153654"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.4.2.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p54842140153654">Records user locking and unlocking.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row23817212153654"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.4.2.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p50146049153654">Records the grants and reclaims of user permissions.</p>
</td>
</tr>
<tr id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_row48661263153654"><td class="cellrowborder" valign="top" headers="mcps1.3.2.2.4.2.5.2.3.1.1 "><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p49248264153654">Records the audit function of the <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_b187317513011">SET</strong> operation.</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_li1269718696"><span>Enable or disable audit log dumps.</span><p><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p74211501298">For more information, see <a href="dws_01_0142.html#EN-US_TOPIC_0000001658895326__en-us_topic_0000001372520098_en-us_topic_0000001145696613_section8182105814130">Enabling Audit Log Dumps</a>.</p>
</p></li><li id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_li24595536115725"><span>Click <span class="uicontrol" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_uicontrol49492823153122"><b>Apply</b></span>.</span><p><p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p42782223153122">Click <span><img id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_image3496183854916" src="figure/en-us_image_0000001759579473.png"></span>. The configuration status <strong id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_b14181458191410">Applying</strong> indicates that the configurations are being saved.</p>
<p id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_en-us_topic_0000001098656870_p44896892153122">When the status changes to <span class="parmvalue" id="EN-US_TOPIC_0000001659054638__en-us_topic_0000001372999374_parmvalue165004817151"><b>Synchronized</b></span>, the configurations are saved and take effect.</p>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dws_01_0184.html">Database Audit Logs</a></div>
</div>
</div>
View Git Blame Copy Permalink