FAQs on Database Audits

Rajat Venkatesh — 02/15/20201 Min Read — In Database Audit

cover audit

What is database auditing ?

Database Audits track two important activities in databases:

  1. User Login
  2. Database Object Access

User Login

In postmortems, it is important to get a list of humans (vs micro-service) who were logged in at that time. Generic database clients such as mysql-client or psql do not provide a method to capture access logs. Therefore a reverse proxy such as DbAudit(/database-audit/) is required.

Database Object Access

Postmortems also require an activity log of the users. Therefore the query history of all logged in users is also required. Most databases do not recommend logging query history from the database server. A reverse proxy such as DbAudit(/database-audit/) is the most performant option to capture query history.

Why is database auditing important ?

Database Audits is required during postmortems of performance or security incidents such as:

  • Track a malicious users activity.
  • List all database objects that were accessed during a breach.
  • Attribute runaway queries that affected performance to a user.
  • Satisfy requirements of regulations such as GDPR, CCPA and HIPAA.

How do you audit a database ?

Options to audit databases are:

  • Most commercial databases have a database auditing add-on.
  • Open source reverse proxies can be used. For example, proxysql can be used as a database audit tool
  • DbAudit(/database-audit/) is an open source and simple but effective database audit tool.