Database Audit Is Unavailable

Symptom

After the database traffic is triggered, you cannot find the audit information about an executed statement in the SQL statement list.

In this case, perform the following operations to troubleshoot the problem:

• Checking Database Information and Audit Function Settings

• Checking Audited Database Settings

• Checking Database Agent Status

• Checking the Security Group Rules of the Database Audit Instance

Checking Database Information and Audit Function Settings

1. Check whether the database information is correct.

   • If the database information is correct, go to 2.

   • If the database information is incorrect, click Delete to delete the database, and then click Add Database to add the database again.

     • If the fault is rectified, no further operation is required.

     • If the problem persists, go to 2.

2. Check whether the database audit function is enabled.

   • If Audit Status is Enabled, go to Checking Audited Database Settings.

   • If Audit Status is Disabled, click Enable to enable the database audit function.

     • If the fault is rectified, no further operation is required.

     • If the problem persists, go to Checking Audited Database Settings.

Checking Audited Database Settings

• If Status is Enabled, go to Checking Database Agent Status.

• If Status is Disabled, click Enable to enable the desired audit scope rule of the database.

  • If the fault is rectified, no further operation is required.

  • If the problem persists, go to Checking Database Agent Status.

Checking Database Agent Status

1. Log in to the node where the agent is installed as user root by using a cross-platform remote access tool (for example, PuTTY) via SSH.

2. Run the following command to view the running status of the agent program:

   ps -ef|grep audit_agent

   • If the following information is displayed, the agent is running properly. Go to 4.

     /opt/dbss_audit_agent/bin/audit_agent
     

   • If no information is displayed, the agent does not run properly. Go to 3.

3. Run the following command to restart the agent:

   service audit_agent restart

   • If the fault is rectified, no further operation is required.

   • If the problem persists, go to 4.

4. Run the following command to check the communication status between the agent and database audit instance:

   tailf /opt/dbss_audit_agent/log/audit_agent.log

   • If information similar to the following is displayed, the communication between the agent and database audit instance is normal. Go to Verifying the Result.

     

     Figure 1 Normal communication

   • If information similar to the following is displayed, the communication between the agent and database audit instance is abnormal. Go to Checking the Security Group Rules of the Database Audit Instance.

     

     Figure 2 Communication error

Checking the Security Group Rules of the Database Audit Instance

1. Go to the Database Security Service page.

2. In the navigation tree on the left, choose Database Audit > Databases. The Databases page is displayed.

3. Select an instance where the database is located from the Instance drop-down list.

4. Record the IP address of the agent node.

   Click next to the database to view the information of its agent, and record Installing Node IP Address.

5. Add an inbound rule for the installing node.

   1. Click OK.

Verifying the Result

In your database, run an SQL statement on the node where the agent is installed, and then search for the statement in the SQL statement list.

• If the SQL statement is found, the problem has been solved.

• If the SQL statement is not found, the problem persists. Contact customer service.

last updated: 2024-11-13 13:56 UTC - commit: 0f1707055f410cccf5d3ea60adc44cdabb5e59b5