TDSQL-C for MySQL provides database audit capabilities that record database accesses and SQL statement executions, so that you can manage risks and improve database security. This document describes how to enable the audit service in the console.
You have created a cluster as instructed in Creating Cluster.
Note: You can batch enable the audit service for multiple target instances by selecting them in the audit instance list and clicking Enable Database Audit above the list.
Parameter | Description |
---|---|
Full Audit | Full audit records all database accesses and SQL statement executions. |
Rule-Based Audit | You can set audit rules for attributes of the TDSQL-C for MySQL database, such as client IP, username, database name, SQL details, and SQL type. Rule-based audit records the database accesses and SQL statement executions according to the custom audit rule. |
Parameter Field | Operator | Characteristic String |
---|---|---|
Client IP | Include, Exclude, Equal to, Not equal to | Up to five client IPs can be configured and should be separated by vertical bar "\|". |
Username | Include, Exclude, Equal to, Not equal to | Up to five usernames can be configured and should be separated by vertical bar "\|". |
Database Name | Include, Exclude, Equal to, Not equal to | Up to five database names can be configured and should be separated by vertical bar "\|". |
SQL Details | Include, Exclude, Equal to, Not equal to | Up to five SQL commands can be configured and should be separated by vertical bar "\|". |
SQL Type | Include, Exclude | Up to five SQL types can be selected. Valid options: ALTER, CHANGEUSER, CREATE, DELETE, DROP, EXECUTE, INSERT, LOGIN, LOGOUT, REPLACE, SELECT, SET, UPDATE, Other. |
Example: If the following rule content is set: the database name should include a, b, or c, and the client IP should include IP1, 2, or 3, then the audit logs filtered by the rule are those where the database name includes a, b, or c and the client IP includes IP1, 2, or 3.
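The following sketch is an added example, not code from this page or from Tencent Cloud; it models the rule semantics above locally so you can check which events a rule would record before relying on rule-based audit instead of full audit. It goes beyond the example by covering all four operators. Assumptions: Include and Exclude are substring matches, Equal to and Not equal to are exact matches, the negated operators match when none of the listed values match, and the record field names and IP addresses are constructed.

```python
# Added illustration: a local model of the rule semantics described above.
# It is not Tencent Cloud code and does not call any TDSQL-C API.

MAX_VALUES = 5  # the table above allows up to five values per condition

def parse_values(characteristic):
    """Split a characteristic string on "|" and enforce the five-value limit."""
    values = [v.strip() for v in characteristic.split("|") if v.strip()]
    if not 1 <= len(values) <= MAX_VALUES:
        raise ValueError("expected 1 to %d values, got %d" % (MAX_VALUES, len(values)))
    return values

def condition_matches(operator, characteristic, field_value):
    values = parse_values(characteristic)
    if operator in ("Include", "Exclude"):
        hit = any(v in field_value for v in values)   # assumed: substring match
    elif operator in ("Equal to", "Not equal to"):
        hit = any(v == field_value for v in values)   # assumed: exact match
    else:
        raise ValueError("unknown operator: " + operator)
    # Assumption: the negated operators match when none of the values hit.
    return hit if operator in ("Include", "Equal to") else not hit

def rule_matches(rule, record):
    """All conditions must hold (AND); values inside one condition are ORed."""
    return all(condition_matches(op, chars, record[field]) for field, op, chars in rule)

# Constructed rule mirroring the example: database name includes a, b or c,
# and client IP includes one of three addresses (documentation-range IPs).
RULE = [
    ("db", "Include", "a|b|c"),
    ("client_ip", "Include", "192.0.2.1|192.0.2.2|192.0.2.3"),
]

# Constructed audit events (field names are hypothetical).
RECORDS = [
    {"db": "a", "client_ip": "192.0.2.1", "sql": "SELECT 1"},
    {"db": "c", "client_ip": "198.51.100.7", "sql": "DROP TABLE t"},
    {"db": "xyz", "client_ip": "192.0.2.2", "sql": "UPDATE t SET x = 1"},
    {"db": "backup", "client_ip": "192.0.2.30", "sql": "SELECT * FROM t"},
]

def audited(rule, records):
    return [r for r in records if rule_matches(rule, r)]

if __name__ == "__main__":
    for r in audited(RULE, RECORDS):
        print(r)
```

Under these assumptions the second constructed event, a DROP from an unlisted client IP, is not recorded, while the fourth is recorded only because Include matches substrings; switching both conditions to Equal to narrows the result to the first event.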
Parameter | Description |
---|---|
Log Retention Period | Set the audit log retention period in days, which can be 7, 30, 90, 180, 365, 1,095, or 1,825. |
Frequent Access Storage Period | Frequent access storage has the best query performance as it uses ultra high-performance storage media. Audit data is initially stored in frequent access storage for the time period specified here, after which it is automatically migrated to infrequent access storage. These two storage types only differ in performance but both support auditing. For example, if the log retention period is set to 30 days, and frequent access storage period is set to 7 days, then the infrequent access storage period will be 23 days by default. |