FAQs on Database Audits
Database Audits track two important activities in databases:
- User Login
- Database Object Access
In postmortems, it is important to get a list of humans (vs micro-service) who were logged in at that time. Generic
database clients such as
psql do not provide a method to capture access logs. Therefore a reverse
proxy such as DbAudit(/database-audit/) is required.
Postmortems also require an activity log of the users. Therefore the query history of all logged in users is also required. Most databases do not recommend logging query history from the database server. A reverse proxy such as DbAudit(/database-audit/) is the most performant option to capture query history.
Database Audits is required during postmortems of performance or security incidents such as:
- Track a malicious users activity.
- List all database objects that were accessed during a breach.
- Attribute runaway queries that affected performance to a user.
- Satisfy requirements of regulations such as GDPR, CCPA and HIPAA.
Options to audit databases are:
- Most commercial databases have a database auditing add-on.
- Open source reverse proxies can be used. For example, proxysql can be used as a database audit tool
- DbAudit(/database-audit/) is an open source and simple but effective database audit tool.