Query audit logs

<p class="shortdesc">The database audit service parses, identifies, and reconstructs data packets in both directions. It audits database operation requests in real time, and also fully reconstructs and audits the results the database returns, including SQL packets, database command execution duration, the executed result set, client tool information, client IP address, server port, database account, execution status, database type, packets, and packet length.</p> <section class="section prereq" id="auditlog__prereq_uxw_xpr_4sb"><div class="tasklabel"><h2 class="doc-tairway">Prerequisites</h2></div> <p class="p">You have created an instance.</p> <p class="p">You have added assets.</p> </section> <section><div class="tasklabel"><h2 class="doc-tairway">Procedure</h2></div><ol class="ol steps"><li class="li step stepexpand"> <span class="ph cmd">Log in to the <a class="xref" href="https://www.ocftcloud.com/console/db-audit" target="_blank" rel="external noopener">Database Audit console</a> and go to the <span class="keyword wintitle">Instance List</span> page.</span> </li><li class="li step stepexpand"> <span class="ph cmd">In the <span class="ph uicontrol">Actions</span> column of the target instance, click <span class="ph uicontrol">Manage</span> to enter the database audit console.</span> <div class="itemgroup info"> <img class="image" id="auditlog__d23e47" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-12277d5f94d4.png" width="700"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">In the menu bar, choose <span class="ph menucascade"><span class="ph uicontrol">Query Analysis</span><abbr> > </abbr><span class="ph uicontrol">Audit Logs</span></span> to open the <span class="keyword wintitle">Audit Logs</span> page, set the query conditions (such as time range, packet, and asset), and click <span class="ph uicontrol">Search</span> to query the matching audit logs.</span> <div class="itemgroup info"> <img class="image" id="auditlog__image_e5f_sdr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-1fd4f0ef9c08.png" width="700"> <table class="table" id="auditlog__table_kry_jhr_4sb"><caption></caption><colgroup><col style="width:34.48275862068966%"><col style="width:65.51724137931035%"></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="auditlog__table_kry_jhr_4sb__entry__1"> <p class="p">Setting</p> </th> <th class="entry" id="auditlog__table_kry_jhr_4sb__entry__2"> <p class="p">Description</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" 
headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Time range</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">Time range for the log query. The default is "Last 5 minutes".</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Packet</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">Searches audit logs by the packet keywords you enter. You can enter multiple keywords, separated by ASCII commas or spaces. A comma means the keywords are combined with OR; a space means they are combined with AND.</p> <div class="p">Examples:<ul class="ul" id="auditlog__ul_a3t_tmm_wsb"> <li class="li">Entering "select,drop" finds logs whose packet contains select or drop.</li> <li class="li">Entering "select from" finds logs whose packet contains both select and from.</li> </ul></div> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Asset</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">You can query the logs of an asset group or of a single asset. The default is all assets.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Database account</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">The account used to log in to the database. Operations performed with this account are returned by the query.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Operation type</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">The type of database operation that was audited.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Client IP</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">IP address of the database management client. IPv4 and IPv6 addresses are accepted.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Server IP</p> </td> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">IP address of the database server. An IPv4 or IPv6 address is accepted.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_kry_jhr_4sb__entry__1 "> <p class="p">Execution status</p> </td> <td class="entry" 
headers="auditlog__table_kry_jhr_4sb__entry__2 "> <p class="p">Execution result of the SQL statement. You can select <strong class="ph b">Succeeded</strong>, <strong class="ph b">Failed</strong>, or <strong class="ph b">Unknown</strong>. The default is <strong class="ph b">All</strong>.</p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Click <span class="ph uicontrol">More Conditions</span>. In the <span class="keyword wintitle">More Conditions</span> dialog box that appears, select the query conditions and click <span class="ph uicontrol">OK</span> to add them. Click <span class="ph uicontrol">Restore Defaults</span> to return to the default query conditions.</span> <div class="itemgroup info"> <img class="image" id="auditlog__image_i3l_f3r_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-1e9ca16594b6.png" width="550"> <table class="table" id="auditlog__table_yzd_h3r_4sb"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="auditlog__table_yzd_h3r_4sb__entry__1"> <p class="p">Setting</p> </th> <th class="entry" id="auditlog__table_yzd_h3r_4sb__entry__2"> <p class="p">Description</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Asset</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">You can query the logs of an asset group or of a single asset. The default is all assets.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Database account</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">The account used to log in to the database.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Client IP</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Client IP address. IPv4 and IPv6 addresses are accepted.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Server IP</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Server IP address. An IPv4 or IPv6 address is accepted.</p> </td> </tr> <tr class="row"> <td 
class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Audit ID</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">ID that uniquely identifies an audit record.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Session ID</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">ID that uniquely identifies a session record.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">SQL template ID</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">ID that identifies the SQL template.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Client port</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Client port number.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Server port</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Server port number.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Database name/instance name</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Name of the database or of the instance.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Client tool</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Name of the client tool.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Host name</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Client host name.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Rows affected</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Number of affected rows returned by the SQL statement. The query format is M-N, for example: 10-10, 10-20.</p> </td> </tr> 
<tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Execution duration</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Time taken to execute the SQL statement, in microseconds (us). The query format is M-N, for example: 10-10, 10-20.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Associated IP</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Client IP address of the associated user.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Associated account</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">Client account of the associated user.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Database type</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">The database types that the system can audit.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Operation type</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">The type of database operation that was audited.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__1 "> <p class="p">Execution status</p> </td> <td class="entry" headers="auditlog__table_yzd_h3r_4sb__entry__2 "> <p class="p">The default is All. You can select Succeeded, Failed, or Unknown.</p> </td> </tr> </tbody></table> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Query results are displayed below the query conditions. Click the <img class="image" id="auditlog__image_fkf_2fr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-14ed8b939a40.png" width="20"> icon, select the columns to display, and click <span class="ph uicontrol">OK</span> to set the columns shown in the query results. Click <span class="ph uicontrol">Details</span> to view the details of an audit log.</span> <div class="itemgroup info"> <img class="image" id="auditlog__image_xms_fkr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-157bc0c09e7a.png" width="550"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">Click the <img 
class="image" id="auditlog__image_qmr_slr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-1343e17a919e.png" width="20"> icon to export the query results to your local machine.</span> <div class="itemgroup info"> <img class="image" id="auditlog__image_h4s_tlr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-18961e659b92.png" width="550"> </div> </li><li class="li step stepexpand"> <span class="ph cmd">At the top of the <span class="keyword wintitle">Audit Logs</span> page, click <span class="ph uicontrol">Modify</span>. In the <span class="keyword wintitle">Modify Query Configuration</span> dialog box that appears, you can change the maximum number of returned entries and the maximum query time, then click <span class="ph uicontrol">OK</span>.</span> <div class="itemgroup info"> <img class="image" id="auditlog__image_lt2_xlr_4sb" src="https://obs-cn-shanghai.ocftcloud.com/pacloud/20222103110011-170e03259908.png" width="400"> <table class="table" id="auditlog__table_nts_bmr_4sb"><caption></caption><colgroup><col><col></colgroup><thead class="thead"> <tr class="row"> <th class="entry" id="auditlog__table_nts_bmr_4sb__entry__1"> <p class="p">Setting</p> </th> <th class="entry" id="auditlog__table_nts_bmr_4sb__entry__2"> <p class="p">Description</p> </th> </tr> </thead><tbody class="tbody"> <tr class="row"> <td class="entry" headers="auditlog__table_nts_bmr_4sb__entry__1 "> <p class="p">Maximum returned entries</p> </td> <td class="entry" headers="auditlog__table_nts_bmr_4sb__entry__2 "> <p class="p">Maximum number of entries returned in the query results. Valid range: 1 to 1000000. Default: 100000.</p> </td> </tr> <tr class="row"> <td class="entry" headers="auditlog__table_nts_bmr_4sb__entry__1 "> <p class="p">Maximum query time</p> </td> <td class="entry" headers="auditlog__table_nts_bmr_4sb__entry__2 "> <p class="p">Maximum query duration. Valid range: 1 to 3600, in seconds. Default: 10 seconds. If the query time is set too short, the query may not return the maximum number of entries.</p> </td> </tr> </tbody></table> </div> </li></ol></section>
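<p class="p">The packet keyword rule (comma for OR, space for AND) and the M-N range format described in the tables above can be re-applied offline to exported records. The sketch below is an added example, not code from the product. The record field names, the sample records, case-insensitive substring matching, and the precedence of comma over space in a mixed expression are all assumptions.</p>

```python
# Added example: re-apply the console's filter semantics to exported records.
# Field names and sample records are constructed for illustration.

def parse_keywords(expr):
    """Split a packet expression into OR-groups of AND-terms.

    Assumption: a comma separates alternatives and spaces inside each
    alternative are ANDed, so "select from,drop" = (select AND from) OR drop.
    """
    groups = [part.lower().split() for part in expr.split(",")]
    return [g for g in groups if g]


def packet_matches(packet, expr):
    """Case-insensitive substring match (an assumption about the console)."""
    groups = parse_keywords(expr)
    text = packet.lower()
    return not groups or any(all(t in text for t in g) for g in groups)


def parse_range(expr):
    """Parse an inclusive "M-N" range; reject malformed or inverted input."""
    lo, sep, hi = (s.strip() for s in expr.partition("-"))
    if not sep or not lo.isdigit() or not hi.isdigit() or int(lo) > int(hi):
        raise ValueError(f"expected M-N with M <= N, got {expr!r}")
    return int(lo), int(hi)


def filter_records(records, keywords="", rows=None, duration_us=None):
    """Return the audit IDs of records matching every supplied condition."""
    checks = [lambda r: packet_matches(r["packet"], keywords)]
    for field, expr in (("rows_affected", rows), ("duration_us", duration_us)):
        if expr is not None:
            lo, hi = parse_range(expr)
            checks.append(lambda r, f=field, lo=lo, hi=hi: lo <= r[f] <= hi)
    return [r["audit_id"] for r in records if all(c(r) for c in checks)]


# Constructed sample records (not real audit data).
SAMPLE = [
    {"audit_id": 1, "packet": "SELECT id FROM users WHERE id = 7", "rows_affected": 1, "duration_us": 15},
    {"audit_id": 2, "packet": "DROP TABLE tmp_report", "rows_affected": 0, "duration_us": 900},
    {"audit_id": 3, "packet": "UPDATE users SET role='admin'", "rows_affected": 12, "duration_us": 20},
    {"audit_id": 4, "packet": "select 1", "rows_affected": 10, "duration_us": 10},
]

if __name__ == "__main__":
    print(filter_records(SAMPLE, "select,drop"))    # comma: OR
    print(filter_records(SAMPLE, "select from"))    # space: AND
    print(filter_records(SAMPLE, rows="10-20"))     # inclusive M-N range
```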