Post-Event Alarm Configuration

Last updated: 2023-12-12 14:41:21
    Event alarms related to the database audit function have been connected to the Tencent Cloud Observability Platform and the EventBridge (EB). If you set risk level alarms in the rule template and select Send alarm notification, the audit logs matching the rule template will trigger alarm notifications to the bound users. On the Tencent Cloud Observability Platform, you can also view alarm history, manage alarm policies (toggle the alarm switch on/off), and mute alarms. Configuring event alarms for database audit helps you obtain risk alarms in time and pinpoint problematic audit logs quickly.
    This document describes how to configure event alarms by using Tencent Cloud Observability Platform (TCOP) and EB for an instance with database audit enabled.

    Prerequisites

    You have enabled the audit service. For more information, see Enabling Audit Service.
    You have submitted a ticket to apply for the event alarm function (this function can only be applied for instances deployed in Beijing, Shanghai, Guangzhou, Chengdu, and Singapore).
    You have submitted a ticket to apply for the rule audit function.

    Configuring Event Alarms through TCOP

    Creating an Alarm Policy

    1. Log in to the TCOP console and choose Alarm Management > Policy Management on the left navigation bar.
    2. On the Alarm Policy List page, click Create Policy.
    
    3. On the policy creation page, finish the setting for Basic info, Configure Alarm Rule, and Configure Alarm notification.
    Policy Type: Choose Cloud Database > TDSQL-C > MySQL.
    Alarm Object: You can find the object instance to be associated by selecting the region where the object is or searching for the instance ID of the object.
    Trigger Condition: Find the event alarm section, click Add Event, and add the AuditLowRisk, AuditMediumRisk, or AuditHighRisk alarm events based on the risk level for which the alarm is needed.
    Configure Alarm Notification: You can select a notification template or create one below. Each alarm policy can be bound to at most three notification templates. For more information about custom notification templates, see Creating Notification Template.
    Selecting a preset template
    
    Creating a template
    
    4. With everything correctly set, click Finish.

    Associating Alarm Objects

    After creating an alarm policy, you can associate it with other alarm objects (instances consistent with the alarm policy). When instances match the rule content in the rule template with the risk level being the added risk level, and the alarm policy of the rule template is set to Send alarm notification, the generated audit logs will trigger an alarm notification.
    1. On the alarm policy list, click the Policy Name to enter the alarm policy management page.
    2. On the alarm policy management page, click Add Object in the Alarm Object column.
    3. In the pop-up dialog box, select the alarm objects to be associated with, and click OK.

    Viewing Alarm Records, Managing Alarm Policies (Alarm Switch), and Silencing Alarm

    You can view the alarm history of the relevant events or manage alarm policies and create alarm silence through TCOP. You can refer to the following guidelines for the corresponding operation.

    Configuring Event Alarms via EB

    Step 1: Activating the EB service

    Tencent Cloud EB implements permission management through Cloud Access Management (CAM). CAM is a permission and access management service provided by Tencent Cloud, which is mainly used to help customers securely manage the access rights of resources under Tencent Cloud accounts. Users can create, manage and destroy users (groups) through CAM, and use identity management and policy management to control the rights of other users to use Tencent Cloud resources. Before using the EB, you need to enable the service on the product page. For details about how to activate the root account and how to authorize sub-accounts to use the service, see Activating EB.

    Step 2: Configure event alarms related to TDSQL-C MySQL database audit

    After the EB service is enabled, you need to select an event source access mode. Currently, monitoring events generated through TDSQL-C MySQL version database audit can be used as event sources to access the EB.
    Note:
    All operation and maintenance events such as alarms and audits generated by TDSQL-C MySQL version will be delivered to the cloud service event set. This delivery is the default and cannot be changed or edited.
    After you activate the Tencent Cloud EB service, a default cloud service event set is automatically created for you in the Guangzhou region, and the alarm events (monitoring events and audit events) generated by TDSQL-C MySQL version are automatically delivered to the default cloud service event set.
    1. Log in to the EB Console.
    2. Select the Guangzhou region at the top.
    3. Click on the default EB under Tencent Cloud service EB.
    
    4. On the details page of the default EB, click Manage Event Rules.
    
    5. Click Create on the page you are redirected to.
    
    6. After finishing the following configuration on the Create Event Rule page, click Next.
    Rule name: Enter the rule name. It should contain 2-60 characters in the form of letters, digits, underscores, and hyphens. It must start with a letter and end with a digit or a letter.
    Rule description: Fill in the rule description using digits, English and Chinese characters, and commonly used punctuation, not exceeding 200 characters.
    Tag: Decide whether to enable tags. Once enabled, you can add tags to this event rule.
    Data conversion: Event data conversion helps you process the event content. For example, you can extract and parse fields from an event and reassemble them before delivering them to the event target.
    Event sample: Provides an example of the event structure for reference when configuring event matching rules. You can find the target template under Event sample.
    Rule pattern: Both a template and a custom event are supported, but using a template is recommended here.
    Tencent Cloud Service: Choose TDSQL-C MySQL version.
    Event type: Select the required event type for database audit alarms (AuditLowRisk, AuditMediumRisk, or AuditHighRisk).
    Test match rule: Choose the event type template selected in the event sample, then click Test match rule. If the test passes, you can proceed to the next step.
    Note:
    To receive event alarms from specified instances, set the rule as follows:
    {
    "source":"cynosdb_mysql.cloud.tencent",
    "subject":"ins-xxxxxx"
    }
    This indicates that only events originating from TDSQL-C MySQL version with the instance ID ins-xxxxxx can be pushed through rule matching. Other events will be discarded and will not reach the user.
    Multiple resources can also be matched:
    {
    "source":"cynosdb_mysql.cloud.tencent",
    "subject":["ins-xxxxxx","ins-xxxxxx"]
    }
    7. On the event target tab, complete the following configurations, select Enable event rules now, and click Complete.
    
    Trigger method: Select Notification message.
    Message template: Select Monitoring alert template or General notification template.
    Alert content: Chinese or English is supported.
    Notification method: Select API callback, channel push, or all the methods. The following settings use channel push as an example.
    Recipients: Select a recipient user or user group.
    Notification period: Customize the notification period.
    Delivery method: Select the delivery method. SMS is limited to 500 characters. Phone is limited to 350 characters. Events that are too long (possibly caused by an overly long instance name or other reasons) will not be pushed. You are advised to configure multiple channels.
    Note:
    If you need to configure multiple event targets, click Add.
    8. After finishing the creation, you can query and manage the event rule in the event rule list.
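
The rule patterns from step 6, as an added example (not Tencent Cloud code): a local Python model of the matching that note describes, where a string must match exactly and a list matches any listed value, used to find audited instances whose alarm events the rule would discard. The instance IDs and the `uncovered_instances` helper are constructed for illustration; the actual matching is performed by EB.

```python
import json

SOURCE = "cynosdb_mysql.cloud.tencent"

# The two pattern forms shown in step 6; instance IDs are constructed placeholders.
SINGLE = json.loads('{"source": "cynosdb_mysql.cloud.tencent", "subject": "ins-aaaaaa"}')
MULTI = json.loads(
    '{"source": "cynosdb_mysql.cloud.tencent", "subject": ["ins-aaaaaa", "ins-bbbbbb"]}'
)


def matches(pattern, event):
    """Local model of the rule: every key in the pattern must be present in
    the event; a string must be equal, a list means any of the listed values."""
    for key, expected in pattern.items():
        allowed = expected if isinstance(expected, list) else [expected]
        if event.get(key) not in allowed:
            return False
    return True


def uncovered_instances(pattern, audited_instance_ids, source=SOURCE):
    """Return audited instances whose events this pattern would discard,
    i.e. instances that can never raise an audit alarm through the rule."""
    return sorted(
        ins
        for ins in audited_instance_ids
        if not matches(pattern, {"source": source, "subject": ins})
    )


if __name__ == "__main__":
    # Constructed inventory of instances with database audit enabled.
    audited = ["ins-aaaaaa", "ins-bbbbbb", "ins-cccccc"]
    for name, pattern in (("single", SINGLE), ("multi", MULTI)):
        gaps = uncovered_instances(pattern, audited)
        print(f"{name}: no alarm coverage for {gaps or 'none'}")
```

Running the check against the list of audited instances before enabling the rule shows which instances still need to be added to `subject`.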
    
    