Reviewed-by: Wagner, Fabian <fabian.wagner@t-systems.com> Co-authored-by: Ru, Li Yi <liyiru7@huawei.com> Co-committed-by: Ru, Li Yi <liyiru7@huawei.com>
<a name="dds_03_0291"></a><a name="dds_03_0291"></a>
<h1 class="topictitle1">Audit Log Policy Management</h1>
<div id="body32001227"><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p40414145116">An audit log records operations performed on your databases and collections. The generated log files are stored in OBS. Auditing logs can enhance your database security and help you analyze the cause of failed operations.</p>
<div class="section" id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_section131383519444"><h4 class="sectiontitle">Precautions</h4><ul id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_ul1838894474719"><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li1155251621317">The audit policy of a DDS DB instance is disabled by default. You can enable it based on your service requirements. After it is enabled, the system records audit information about read and write operations, which may degrade performance by 15% to 20%.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li738994418470">DDS checks generated audit logs and deletes those that have been retained longer than the period you set. It is recommended that audit logs be stored for more than 180 days for tracing and problem analysis.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li143891744194713">After the audit policy is modified, DDS generates audit logs according to the new policy, and the modified retention period also applies to the existing audit logs.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li9237535153010">By default, audit logs are generated every hour. If the size of an audit log exceeds 10 MB, a new audit log is generated.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li2056713212299">Your data must be encoded in UTF-8 format. For data in other formats, the audit result of the corresponding statement may be missing or contain garbled characters.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li1676944372120">Audit log files stored on OBS are not visible to you. They are only visible in the DDS backend management system.</li></ul>
</div>
<div class="section" id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_section1965621516519"><h4 class="sectiontitle">Configuring the Audit Policy</h4><ol id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_ol131917669"><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li207121728113711"><span>Log in to the management console.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li1178902014017"><span>Click <span><img id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_image18126205841515" src="en-us_image_0000002207066505.png"></span> in the upper left corner and select a region and a project.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li1578972044018"><span>Click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b4444412191616">Service List</strong>. Under <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b1445191251611">Database</strong>, click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b54450124169">Document Database Service</strong> to go to the DDS console.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li934172620"><span>On the <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b10145182717140">Instances</strong> page, click the instance name.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li153101711615"><span>In the navigation pane on the left, choose <span class="uicontrol" id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_uicontrol11786814969"><b>Audit Logs</b></span>.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li655720574519"><span>On the <strong 
id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b165486421268">Audit Logs</strong> page, click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b179735501769">Set Audit Policy</strong>.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li3225835179"><span>On the displayed page, click <span><img id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_image11227103161712" src="en-us_image_0000002171625914.png"></span>.</span></li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li144131720620"><span>Configure required parameters and click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b52814561322">OK</strong> to enable the audit policy.</span><p>
<div class="tablenoborder"><table cellpadding="4" cellspacing="0" summary="" id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_table8615121821412" frame="border" border="1" rules="all"><caption><b>Table 1 </b>Parameter description</caption><thead align="left"><tr id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_row1861618185145"><th align="left" class="cellrowborder" valign="top" width="23.31%" id="mcps1.3.3.2.8.2.1.2.3.1.1"><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p7616111819140">Parameter</p>
</th>
<th align="left" class="cellrowborder" valign="top" width="76.69%" id="mcps1.3.3.2.8.2.1.2.3.1.2"><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p146161718201415">Description</p>
</th>
</tr>
</thead>
<tbody><tr id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_row76167182148"><td class="cellrowborder" valign="top" width="23.31%" headers="mcps1.3.3.2.8.2.1.2.3.1.1 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p17616718161417">All</p>
</td>
<td class="cellrowborder" valign="top" width="76.69%" headers="mcps1.3.3.2.8.2.1.2.3.1.2 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p761651812148">Audit all collections in the instance.</p>
</td>
</tr>
<tr id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_row8616618181414"><td class="cellrowborder" valign="top" width="23.31%" headers="mcps1.3.3.2.8.2.1.2.3.1.1 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p6616618131412">Custom</p>
</td>
<td class="cellrowborder" valign="top" width="76.69%" headers="mcps1.3.3.2.8.2.1.2.3.1.2 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p17616181814141">Audit specified databases or collections in the instance.</p>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p1910617311910">The database or collection name cannot contain spaces or the following special characters: /\' : "[]{}() The dollar sign ($) can be used only as an escape character.</p>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p5565131434814">The database name can contain a maximum of 64 characters.</p>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p15565014144814">If you enter a combined database and collection name, the name can contain a maximum of 120 characters in total, and the database name can contain no more than 64 characters. The collection name cannot be blank, contain <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b766255963520">null</strong>, or use the <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b136635593356">system.</strong> prefix.</p>
</td>
</tr>
<tr id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_row16161418121418"><td class="cellrowborder" valign="top" width="23.31%" headers="mcps1.3.3.2.8.2.1.2.3.1.1 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p3616141820142">Statement Type</p>
</td>
<td class="cellrowborder" valign="top" width="76.69%" headers="mcps1.3.3.2.8.2.1.2.3.1.2 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p254122141513">You can query audit logs of specified statements in a collection, including auth, insert, update, delete, command and query statements.</p>
</td>
</tr>
<tr id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_row11616618201413"><td class="cellrowborder" valign="top" width="23.31%" headers="mcps1.3.3.2.8.2.1.2.3.1.1 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p176161618191412">Retention Days</p>
</td>
<td class="cellrowborder" valign="top" width="76.69%" headers="mcps1.3.3.2.8.2.1.2.3.1.2 "><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p2061613183149">The number of days to retain audit logs. Range: 7 to 732.</p>
</td>
</tr>
</tbody>
</table>
</div>
<ul id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_ul108263144020"><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li714253111814">After the audit policy is enabled, you can modify it as required. After the modification, logs are generated according to the new policy and the retention period of the original logs is subject to the modified retention period.<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p1331052541916"><a name="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li714253111814"></a><a name="en-us_topic_0000001894074453_en-us_topic_0000001609552726_li714253111814"></a>To modify the audit policy, click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b17137716181016">Set Audit Policy</strong>. In the dialog box that is displayed, modify the audit policy.</p>
</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li0821639408">Disable the audit policy.<div class="note" id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_note1013513471462"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p12137144717467">After the audit policy is disabled, no audit log is generated.</p>
</div></div>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p134672021113917">To disable the audit policy, click <span><img id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_image187785034114" src="en-us_image_0000002171625918.png"></span>. </p>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p116631131339">You can choose whether to delete all audit logs:</p>
<ul id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_ul716716371409"><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li060413403019">If you do not select <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b16316111012219">Delete audit logs</strong>, all audit logs within the retention period will be retained. You can manually delete them later.</li><li id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_li116715371705">If you select <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b1268646034175139">Delete audit logs</strong>, all audit logs within the retention period will be deleted.</li></ul>
<p id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_p25471222104114">Click <strong id="dds_03_0291__en-us_topic_0000001894074453_en-us_topic_0000001609552726_b84235270695330">OK</strong>.</p>
</li></ul>
</p></li></ol>
</div>
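<p>The limits in Table 1 and the retention recommendation in the Precautions can be checked before a policy is entered in the console. The following is an added example, not part of the DDS documentation or tooling; the function names, the <code>database.collection</code> notation split at the first dot, counting the dot toward the 120-character total, and reading "null" as the literal string or a NUL byte are assumptions, and the <code>$</code> escape rule is not modelled.</p>

```python
# Added example: limits copied from the Precautions and Table 1 above.
FORBIDDEN = set(" /\\':\"[]{}()")      # space plus the listed special characters
MAX_DB_LEN, MAX_COMBINED_LEN = 64, 120
MIN_DAYS, MAX_DAYS, RECOMMENDED_DAYS = 7, 732, 180
STATEMENT_TYPES = {"auth", "insert", "update", "delete", "command", "query"}


def check_target(entry):
    """Return rule violations for one Custom audit target.

    Assumptions (not stated on the page): a combined name is written
    "<database>.<collection>" and split at the first dot, the dot counts
    toward the 120-character total, and "null" means the literal string
    or a NUL byte. The '$' escape rule is not modelled.
    """
    problems = []
    db, dot, coll = entry.partition(".")
    bad = sorted(set(entry) & FORBIDDEN)
    if bad:
        problems.append(f"forbidden characters {bad}")
    if not db:
        problems.append("database name is blank")
    elif len(db) > MAX_DB_LEN:
        problems.append(f"database name is {len(db)} characters (max {MAX_DB_LEN})")
    if dot:
        if len(entry) > MAX_COMBINED_LEN:
            problems.append(f"combined name is {len(entry)} characters (max {MAX_COMBINED_LEN})")
        if not coll:
            problems.append("collection name is blank")
        elif coll.startswith("system."):
            problems.append("collection name uses the system. prefix")
        elif "null" in coll or "\x00" in coll:
            problems.append("collection name contains null")
    return problems


def check_policy(targets, statement_types, retention_days):
    """Validate a planned policy; returns (errors, warnings)."""
    errors = [f"{t!r}: {p}" for t in targets for p in check_target(t)]
    warnings = []
    unknown = sorted(set(statement_types) - STATEMENT_TYPES)
    if unknown:
        errors.append(f"unknown statement types {unknown}")
    if not MIN_DAYS <= retention_days <= MAX_DAYS:
        errors.append(f"retention {retention_days} outside {MIN_DAYS}-{MAX_DAYS} days")
    elif retention_days <= RECOMMENDED_DAYS:
        warnings.append(f"retention {retention_days} days; more than {RECOMMENDED_DAYS} is recommended")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample input.
    print(check_policy(["orders.invoices", "hr db.system.users"], ["auth", "delete"], 30))
```

<p>A retention value inside the accepted range but at or below 180 days is reported as a warning rather than an error, because the console accepts it while the Precautions advise against it.</p>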
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="dds_03_0168.html">Audit Logs</a></div>
</div>
</div>