yexinru/doc-exports
1
0
Fork 0
forked from docs/doc-exports
Code Pull Requests Activity
Files
main
doc-exports/docs/dbss/umn/dbss_01_0190.html
qinweiwei a42c766ca4 DBSS usermanual 20250429 version 
Reviewed-by: Rogal, Marcel <mrogal@noreply.gitea.eco.tsi-dev.otc-service.com>
Co-authored-by: qinweiwei <qinweiwei@huawei.com>
Co-committed-by: qinweiwei <qinweiwei@huawei.com>
2025-06-25 06:40:13 +00:00

89 lines
10 KiB
HTML
Raw Permalink Blame History

<a name="dbss_01_0190"></a><a name="dbss_01_0190"></a>
<h1 class="topictitle1">Adding Audit Scope</h1>
<div id="body1544587094894"><p id="dbss_01_0190__p13516181572">By default, database audit complies with a full audit rule, which is used to audit all databases that are connected to the database audit instance. You can also add audit scope and specify the databases to be audited.</p>
<div class="notice" id="dbss_01_0190__note1267117234531"><span class="noticetitle"><img src="public_sys-resources/notice_3.0-en-us.png"> </span><div class="noticebody"><p id="dbss_01_0190__p11671152315539">By default, the full audit rule takes effect even if other rules exist. To make another audit rule take effect, disable the full audit rule first.</p>
</div></div>
<div class="section" id="dbss_01_0190__section070891116319"><h4 class="sectiontitle">Prerequisites</h4><ul id="dbss_01_0190__ul13013312410"><li id="dbss_01_0190__li752019581501">You have applied for a database audit instance and the <strong id="dbss_01_0190__en-us_topic_0144723368_b1155217115215">Status</strong> is <strong id="dbss_01_0190__en-us_topic_0144723368_b185532015214">Running</strong>.</li></ul>
<ul id="dbss_01_0190__ul2059001124716"><li id="dbss_01_0190__li1610855617422">Database audit has been enabled.</li></ul>
</div>
<div class="section" id="dbss_01_0190__section13224195251412"><h4 class="sectiontitle">Procedure</h4><ol id="dbss_01_0190__ol18449141653"><li id="dbss_01_0190__li1896224713913"><span>Log in to the management console.</span></li><li id="dbss_01_0190__li199221335798"><span>Select a region, click <span><img id="dbss_01_0190__dbss_01_0204_dbss_01_0186_image12421104763114" src="en-us_image_0000001074398929.png"></span>, and choose <span class="menucascade" id="dbss_01_0190__dbss_01_0204_dbss_01_0186_menucascade1215612612394"><b><span class="uicontrol" id="dbss_01_0190__dbss_01_0204_dbss_01_0186_uicontrol415682653911">Security</span></b> &gt; <b><span class="uicontrol" id="dbss_01_0190__dbss_01_0204_dbss_01_0186_uicontrol2156182620396">Database Security Service</span></b></span>. The <strong id="dbss_01_0190__dbss_01_0204_dbss_01_0186_b6156926113915">Dashboard</strong> page is displayed.</span></li><li id="dbss_01_0190__li192117711183"><span>In the navigation tree on the left, choose <strong id="dbss_01_0190__b121256507268">Audit Rules</strong>.</span></li><li id="dbss_01_0190__li18168173601816"><span>In the <strong id="dbss_01_0190__b17101213111114">Instance</strong> drop-down list, select an instance to add audit scope.</span></li><li id="dbss_01_0190__li4174122125815"><span><span class="uicontrol" id="dbss_01_0190__uicontrol979519419124"><b>Add Audit Scope</b></span> above the audit scope list.</span><p><div class="note" id="dbss_01_0190__note206851641154719"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul id="dbss_01_0190__ul791433515542"><li id="dbss_01_0190__li189144352546">By default, database audit complies with a <strong id="dbss_01_0190__b19256559113116">full audit rule</strong>, which is used to audit all databases that are connected to the database audit instance. This audit rule is enabled by default. You can disable it but cannot delete it.</li><li id="dbss_01_0190__li779393716542">To make a custom rule take effect, disable the full audit rule first.</li></ul>
</div></div>
</p></li><li id="dbss_01_0190__li157459715312"><span>In the displayed dialog box, set the audit scope, as shown in <a href="#dbss_01_0190__fig97457713117">Figure 1</a>. For details about related parameters, see <a href="#dbss_01_0190__table474657203117">Table 1</a>.</span><p><div class="fignone" id="dbss_01_0190__fig97457713117"><a name="dbss_01_0190__fig97457713117"></a><a name="fig97457713117"></a><span class="figcap"><b>Figure 1 </b>Add Audit Scope dialog box</span><br><span><img id="dbss_01_0190__image17342174234217" src="en-us_image_0000001173318613.png"></span></div>
<div class="tablenoborder"><a name="dbss_01_0190__table474657203117"></a><a name="table474657203117"></a><table cellpadding="4" cellspacing="0" summary="" id="dbss_01_0190__table474657203117" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameters</caption><thead align="left"><tr id="dbss_01_0190__row274619703110"><th align="left" class="cellrowborder" valign="top" width="21.02%" id="mcps1.3.4.2.6.2.2.2.4.1.1"><p id="dbss_01_0190__p117461775311">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="60.980000000000004%" id="mcps1.3.4.2.6.2.2.2.4.1.2"><p id="dbss_01_0190__p1374617711318">Description</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="18%" id="mcps1.3.4.2.6.2.2.2.4.1.3"><p id="dbss_01_0190__p1774612703119">Example Value</p>
</th>
</tr>
</thead>
<tbody><tr id="dbss_01_0190__row57471572315"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p17471476318">Name</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p1874710773117">Name of the custom audit scope</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p197474723112">audit00</p>
</td>
</tr>
<tr id="dbss_01_0190__row10747976313"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p67471679316">Database Name</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p127476712317">Database to be added to the audit scope</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p138931609912">db03</p>
</td>
</tr>
<tr id="dbss_01_0190__row1135581116013"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p73461641445">Operations</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p203461464418">Audited operation type. It can be <strong id="dbss_01_0190__b15708114110296">Login</strong> or <strong id="dbss_01_0190__b1453224411294">Operation</strong>.</p>
<p id="dbss_01_0190__p1215625184417">When you select the <strong id="dbss_01_0190__b121941749112912">Operation</strong> check box, you can select <strong id="dbss_01_0190__b1519954912911">All operations</strong> or the operations in <strong id="dbss_01_0190__b5199144915295">DDL</strong>, <strong id="dbss_01_0190__b82001249122919">DML</strong>, and <strong id="dbss_01_0190__b2200184920297">DCL</strong>.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p1034618424413">Login</p>
</td>
</tr>
<tr id="dbss_01_0190__row2448195934818"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p06582816496">Database Account</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p13658198134910">(Optional) Database username.</p>
<p id="dbss_01_0190__p18198122513477">You can specify multiple accounts, separated by commas (,).</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p865888154913">-</p>
</td>
</tr>
<tr id="dbss_01_0190__row20913184143815"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p091384133810">Exception IP Address</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p15913144133816">(Optional) IP addresses that do not need to be audited.</p>
<div class="note" id="dbss_01_0190__note15267592417"><span class="notetitle"> NOTE: </span><div class="notebody"><p id="dbss_01_0190__p71941675114">If an IP address is set as both a source and an exception IP address, the IP address will not be audited.</p>
</div></div>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p199131547386">-</p>
</td>
</tr>
<tr id="dbss_01_0190__row57476763110"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p474713714310">Source IP Address</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p114631251191715">(Optional) IP address or IP address range used for accessing the database to be audited</p>
<p id="dbss_01_0190__p774719773115">The entered IP address is not the IP address of the database selected in <span class="parmname" id="dbss_01_0190__parmname11729919111712"><b>Database Name</b></span>.</p>
<p id="dbss_01_0190__p201179149215">The IP address must be an internal IP address in IPv4 or IPv6 format.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p167478793119">-</p>
</td>
</tr>
<tr id="dbss_01_0190__row57473714311"><td class="cellrowborder" valign="top" width="21.02%" headers="mcps1.3.4.2.6.2.2.2.4.1.1 "><p id="dbss_01_0190__p174716713117">Source Port</p>
</td>
<td class="cellrowborder" valign="top" width="60.980000000000004%" headers="mcps1.3.4.2.6.2.2.2.4.1.2 "><p id="dbss_01_0190__p189990213181">(Optional) Port number used for accessing the database to be audited</p>
<p id="dbss_01_0190__p16747147153113">The entered port number is not the port number of the database selected in <span class="parmname" id="dbss_01_0190__parmname195161339152010"><b>Database Name</b></span>.</p>
</td>
<td class="cellrowborder" valign="top" width="18%" headers="mcps1.3.4.2.6.2.2.2.4.1.3 "><p id="dbss_01_0190__p1374715733116">-</p>
</td>
</tr>
</tbody>
</table>
</div>
</p></li><li id="dbss_01_0190__li8278104118326"><span>Click <span class="uicontrol" id="dbss_01_0190__uicontrol949455211328"><b>OK</b></span>.</span><p><p id="dbss_01_0190__p213282819333">When the audit scope is added successfully, it is displayed in the audit scope list in the state of <strong id="dbss_01_0190__b124915525315">Enabled</strong>.</p>
</p></li></ol>
</div>
<div class="section" id="dbss_01_0190__section1436832312226"><h4 class="sectiontitle">Related Operations</h4><p id="dbss_01_0190__p16930153852815">In addition to adding the audit scope, you can enable or disable SQL injection detection and add risky operations to set audit rules for database audit.</p>
</div>
</div>
<div></div>
View Git Blame Copy Permalink