- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Some AZs Are Sold Out
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Best Practices
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- DescribeClusterDetail
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Billing APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- OpenClusterReadOnlyInstanceGroupAccess
- OpenReadOnlyInstanceExclusiveAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- SwitchClusterVpc
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- TDSQL-C Policy
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Announcements
- Announcement on Change of Part of Parameters
- Announcement on Update of Database Audit Feature
- Announcement on Authentication of a Newly Added API Interface of Database Audit
- Announcement on Change of Public Network Linkage
- TDSQL-C for MySQL Audit Service Update
- Emergency Fix for Certain Monitoring Metrics
- Monitoring Metric Optimization
- Some AZs Are Sold Out
- Change to Database Audit Resource ID
- Ops Change
- Storage Price Adjustment Notification
- Product Introduction
- Kernel Features
- Purchase Guide
- Getting Started
- Database Audit
- Serverless Service
- Operation Guide
- Switching Cluster Page View in Console
- Database Connection
- Instance Management
- Configuration Adjustment
- Cluster Management
- Scaling Instance
- Database Proxy
- Database Proxy Overview
- Use Limits
- Database Proxy Kernel Features
- Managing Database Proxy
- Enabling Database Proxy
- Setting Database Proxy Address
- Modifying or Deleting Connection Addresses
- Viewing and Changing the Access Policy
- Rebalancing the Load
- Transaction Split Feature
- Access Mode
- Adjusting Database Proxy Configuration
- Switching Database Proxy Network
- Viewing Database Proxy Monitoring Data
- Disabling Database Proxy
- Automatic Read/Write Separation
- Connection Pool Feature
- Other Features
- Account Management
- Database Management
- Database Management Tool
- Columnar Storage Index (CSI)
- Parameter Configuration
- Multi-AZ Deployment
- Backup and Restoration
- Operation Log
- Data Migration
- Parallel Query
- Database Security and Encryption
- Monitoring and Alarms
- Basic SQL Operations
- Connecting to TDSQL-C for MySQL Through SCF
- Tag
- Best Practices
- White Paper
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CloseClusterPasswordComplexity
- CopyClusterPasswordComplexity
- DescribeClusterPasswordComplexity
- ModifyClusterPasswordComplexity
- OpenClusterPasswordComplexity
- UpgradeClusterVersion
- UpgradeInstance
- SetRenewFlag
- OfflineCluster
- ModifyMaintainPeriodConfig
- IsolateInstance
- IsolateCluster
- DescribeMaintainPeriod
- DescribeInstanceSpecs
- DescribeClusters
- DescribeClusterDetail
- CreateClusters
- AddInstances
- OfflineInstance
- DescribeInstanceDetail
- DescribeClusterInstanceGrps
- DescribeInstances
- ActivateInstance
- ModifyInstanceName
- ModifyClusterName
- SearchClusterTables
- SearchClusterDatabases
- RestartInstance
- Multi-AZ APIs
- Account APIs
- Audit APIs
- Database Proxy APIs
- Backup and Restoration APIs
- Parameter Management APIs
- Performance Analysis APIs
- Billing APIs
- Serverless APIs
- ResourcePackage APIs
- Other APIs
- CloseWan
- CreateClusterDatabase
- DeleteClusterDatabase
- DescribeClusterDetailDatabases
- ModifyClusterDatabase
- OpenWan
- OpenClusterReadOnlyInstanceGroupAccess
- OpenReadOnlyInstanceExclusiveAccess
- ModifyDBInstanceSecurityGroups
- DescribeProjectSecurityGroups
- DescribeDBSecurityGroups
- SwitchProxyVpc
- DescribeFlow
- DescribeZones
- SwitchClusterVpc
- ModifyVipVport
- Data Types
- Error Codes
- FAQs
- TDSQL-C Policy
- Glossary
- Contact Us
Announcement on Update of Database Audit Feature
Last updated: 2024-03-07 10:14:53
Dear Tencent Cloud User, as of September 25, 2023, Tencent Cloud will release an updated database audit function for TencentDB for CynosDB. This update optimizes the number of bound rule templates supported by instances, as well as the binding relationship between the rule template and the instance, and increases the event warning capability, which helps users to access risk warnings in time, and quickly locate the audit log. In order to better use the database audit function, you need to pay attention to the following relevant explanations.
Precondition Description
Some features of the database audit features require a ticket submission for use, as specifically outlined below.
If you want to use the rule audit feature, please submit a ticket.
The event alarm feature currently only supports regions including Beijing, Shanghai, Guangzhou, Chengdu and Singapore. If you need to use it, please submit a ticket.
For instances with a full audit type, if you need to set the risk level and alarm policy for audit logs, please submit a ticket.
Feature Update Description
1. The number of bound rule templates supported by the instance has been adjusted from 1 to 5.
2. The relationship between the rule template and the instance has been adjusted from initialization to strong binding. That is, if the content of the rule template is modified, the audit rules applied to instances that have been bound with this rule template will also be synchronously modified.
3. Viewing a rule template bound by each instance , an audit log hit by audit rules, and an instance bound with rule templates is supported.
4. The logic of the rule template for different audit types is as follows:
4.1 Rule templates for instances belonging to Rule Audit are used for retaining audit logs that hit the rule template content, setting risk levels, and alarm policies. Audit logs that did not hit the rule template content are no longer retained.
4.2 Rule templates for instances belonging to Full Audit is only used for setting risk levels and alarm policies for audit logs that hit the rule template content. Audit logs that didn't hit the rule template content are still retained.
5. TencentDB for CynosDB database audit has added some interfaces with CAM authentication. For detailed interfaces and authorization operation guide, refer to [Announcement of New API Interface Authentication for Database Audit on September 25, 2023].
Note:
Within the realm of database audit, the creation, modification, query, and deletion of rule templates are operation level authentication- altering these rule templates will impact the audit rules of instances that already adhere to the said rule template.
Yes
No
Was this page helpful?