CN113010494A - Database auditing method and device and database proxy server - Google Patents

Publication number
CN113010494A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110288999.4A
Other languages
Chinese (zh)
Inventor
张健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Kingsoft Cloud Network Technology Co Ltd
Original Assignee
Beijing Kingsoft Cloud Network Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Kingsoft Cloud Network Technology Co Ltd
Priority to CN202110288999.4A
Publication of CN113010494A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/211 Schema design and management
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G06F16/24564 Applying rules; Deductive queries
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor


Abstract

The embodiment of the invention provides a database auditing method and device and a database proxy server, and relates to the technical field of databases. The method is applied to any database proxy server configured for a distributed database, and comprises the following steps: after a database access request for the distributed database and an analysis result of the database access request are obtained, judging whether to audit the database access request based on the analysis result and a preset audit rule; if the judgment result is yes, acquiring the data to be audited that matches the audit rule in the analysis result; and sending the acquired data to be audited to the management server, so that the management server generates an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers. Compared with the prior art, the scheme provided by the embodiment of the invention can realize global audit of the access behavior of each tenant to the distributed database.

Description

Database auditing method and device and database proxy server
Technical Field
The invention relates to the technical field of databases, in particular to a database auditing method and device and a database proxy server.
Background
Currently, with the continuous development of database technology, databases are widely applied in more and more fields, and meanwhile, face more and more security challenges.
Generally, in order to improve the security of a database, database auditing (DBAudit) may be used to record, analyze and report the behavior of users accessing the database, and the audit result may be used to trace and control that behavior, so as to implement compliance management of the database, raise alarms on risky behavior affecting the database, and block attacks against the database.
For a distributed database, each tenant may access the distributed database through a plurality of database Proxy servers (Proxy servers) configured in the distributed database, where different tenants may access the distributed database through different database Proxy servers, and the same tenant may also access the distributed database through different database Proxy servers.
Based on this, how to perform global audit on the access behavior of each tenant for the distributed database becomes a problem to be solved urgently.
Disclosure of Invention
The embodiment of the invention aims to provide a database auditing method, a database auditing device and a database proxy server, so as to realize global auditing of access behaviors of each tenant to a distributed database. The specific technical scheme is as follows:
In a first aspect, an embodiment of the present invention provides a database auditing method, which is applied to any one of a plurality of database proxy servers configured for a distributed database, where the plurality of database proxy servers are in communication connection with a preset management server for global auditing; the method comprises the following steps:
after a database access request for the distributed database and an analysis result of the database access request are obtained, whether the database access request is audited or not is judged based on the analysis result and a preset audit rule;
if the result of the judgment is yes, acquiring data to be audited, which is matched with the auditing rule, in the analysis result;
and sending the acquired data to be audited to the management server, so that the management server generates an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
the step of judging whether to audit the database access request based on the analysis result and a preset audit rule comprises the following steps:
judging whether the field value of the specified field in the analysis result meets the auditing condition;
the step of obtaining the data to be audited matched with the auditing rule in the analysis result comprises the following steps:
and acquiring the field value of the audit field in the analysis result as data to be audited.
Optionally, in a specific implementation manner, the specified field includes at least one of the following fields:
tenants, access times, base tables, access operations, and database nodes.
Optionally, in a specific implementation manner, before the step of sending the data to be audited to the management server, the method further includes:
caching the acquired data to be audited in a designated cache space;
the step of sending the acquired data to be audited to the management server includes:
when the data to be audited cached in the designated cache space meets a preset sending condition, sending the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
and the time elapsed since cached data to be audited was last sent to the management server reaches a preset time.
Optionally, in a specific implementation manner, the method further includes:
outputting an audit rule setting interface;
acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface;
and updating the audit rule based on the audit rule updating instruction.
In a second aspect, an embodiment of the present invention provides a database auditing apparatus, which is applied to any one of a plurality of database proxy servers configured for a distributed database, where the plurality of database proxy servers are in communication connection with a preset management server for global auditing; the apparatus comprises:
the request judging module is used for judging whether to audit the database access request or not based on the analysis result and a preset auditing rule after acquiring the database access request aiming at the distributed database and the analysis result of the database access request; if the judgment result is yes, triggering a data acquisition module;
the data acquisition module is used for acquiring the data to be audited which is matched with the auditing rule in the analysis result;
and the data sending module is used for sending the acquired data to be audited to the management server, so that the management server generates an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
the request judgment module is specifically configured to: judging whether the field value of the specified field in the analysis result meets the auditing condition;
the data acquisition module is specifically configured to: and acquiring the field value of the audit field in the analysis result as data to be audited.
Optionally, in a specific implementation manner, the specified field includes at least one of the following fields: tenants, access times, base tables, access operations, and database nodes.
Optionally, in a specific implementation manner, the apparatus further includes:
the data caching module is used for caching the acquired data to be audited in a designated cache space before the data to be audited is sent to the management server;
the data sending module is specifically configured to: when the data to be audited cached in the designated cache space meets a preset sending condition, send the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
and the time elapsed since cached data to be audited was last sent to the management server reaches a preset time.
Optionally, in a specific implementation manner, the apparatus further includes:
the interface output module is used for outputting an audit rule setting interface;
the instruction acquisition module is used for acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface;
and the rule changing module is used for updating the audit rule based on the audit rule updating instruction.
In a third aspect, an embodiment of the present invention provides a database auditing system, where the system includes: the system comprises a plurality of database proxy servers and a management server for global audit, wherein the database proxy servers are configured for a distributed database and are in communication connection with the management server;
each database proxy server is used for judging whether to audit the database access request based on the analysis result and a preset audit rule after acquiring the database access request for the distributed database and the analysis result of the database access request; if the judgment result is yes, acquiring the data to be audited that matches the audit rule in the analysis result; and sending the acquired data to be audited to the management server;
and the management server is used for generating an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers.
Optionally, in a specific implementation manner, the management server is a server in a preset audit database cluster, and the audit database cluster further includes: a storage server;
the management server is further used for sending the audit result to the storage server;
and the storage server is used for storing the audit result sent by the management server.
Optionally, in a specific implementation manner, the number of the storage servers is multiple;
the management server is specifically configured to determine a target storage server for storing the audit result from the plurality of storage servers according to a preset storage rule, and send the audit result to the target storage server.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
each database proxy server is specifically configured to: judging whether the field value of the specified field in the analysis result meets the auditing condition; and if the judgment result is yes, acquiring the field value of the audit field in the analysis result as the data to be audited.
Optionally, in a specific implementation manner, the specified field includes at least one of the following fields: tenants, access times, base tables, access operations, and database nodes.
Optionally, in a specific implementation manner, each database proxy server 610 is further configured to cache the acquired data to be audited in a designated cache space;
each database proxy server is specifically configured to: when the data to be audited cached in the designated cache space meets a preset sending condition, send the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
and the time elapsed since cached data to be audited was last sent to the management server reaches a preset time.
Optionally, in a specific implementation manner, each database proxy server is further configured to output an audit rule setting interface; acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface; and updating the audit rule based on the audit rule updating instruction.
In a fourth aspect, an embodiment of the present invention provides a database proxy server, where the database proxy server is a proxy server configured for a distributed database, and is in communication connection with a preset management server for global audit, and the database proxy server includes a processor, a communication interface, a memory, and a communication bus, where the processor, the communication interface, and the memory complete communication with each other through the communication bus;
a memory for storing a computer program;
and the processor is used for realizing the steps of any database auditing method provided by the first aspect when executing the program stored in the memory.
In a fifth aspect, the present invention provides a computer-readable storage medium, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any one of the database auditing methods provided in the first aspect.
In a sixth aspect, embodiments of the present invention provide a computer program product containing instructions which, when run on a computer, cause the computer to perform the steps of any of the database auditing methods provided in the first aspect above.
The embodiment of the invention has the following beneficial effects:
As can be seen from the above, in the solution provided by the embodiment of the present invention, in order to implement global audit of the access behavior of each tenant for the distributed database, a management server for global audit may be provided that is in communication connection with the plurality of database proxy servers configured for the distributed database.
In this way, after any database proxy server configured for the distributed database obtains a database access request for the distributed database and the analysis result of the database access request, it can judge whether to audit the database access request based on the analysis result and the preset audit rule, and when the judgment result is yes, obtain the data to be audited that matches the audit rule in the analysis result. Further, the database proxy server can send the acquired data to be audited to the management server. Therefore, after receiving the data to be audited sent by each database proxy server, the management server can generate the audit result for the audit rule based on the data to be audited sent by each database proxy server.
Based on this, by applying the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby realizing global audit of the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other embodiments can be obtained by using the drawings without creative efforts.
FIG. 1 is a schematic diagram of a database audit system consisting of 3 database proxy servers and a management server;
FIG. 2 is a schematic flow chart of a database auditing method according to an embodiment of the present invention;
FIG. 3 is a schematic flow chart of another database auditing method according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating a further database auditing method according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a database auditing apparatus according to an embodiment of the present invention;
FIG. 6 is a schematic structural diagram of a database auditing system according to an embodiment of the present invention;
FIG. 7 is a schematic structural diagram of a database proxy server according to an embodiment of the present invention;
FIG. 8 is a schematic diagram of a specific implementation manner of a database auditing method according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived from the embodiments given herein by one of ordinary skill in the art, are within the scope of the invention.
For the distributed database, each tenant can access the distributed database through a plurality of database proxy servers configured in the distributed database, wherein different tenants can access the distributed database through different database proxy servers, and the same tenant can also access the distributed database through different database proxy servers. Based on this, how to perform global audit on the access behavior of each tenant for the distributed database becomes a problem to be solved urgently.
In order to solve the technical problem, an embodiment of the present invention provides a database auditing method.
The method can be applied to any one of a plurality of database proxy servers configured for the distributed database, and the database proxy servers can be in communication connection with a preset management server for global audit.
Therefore, the database audit system can be formed by the plurality of database proxy servers configured for the distributed database and the preset management server for global audit. For convenience of description, the database proxy server configured for the distributed database is hereinafter referred to as a database proxy server, and the preset management server for global audit is referred to as a management server.
For example, FIG. 1 is a schematic diagram of a database auditing system composed of 3 database proxy servers and a management server. The system includes: database proxy servers 110-1, 110-2, and 110-3, and a management server 120. The database proxy servers 110-1, 110-2, and 110-3 may each act as an execution subject of the database auditing method provided by the embodiment of the present invention and send the data to be audited that they obtain to the management server 120, so that the management server 120 generates an audit result for the audit rule based on the data to be audited sent by the database proxy servers 110-1, 110-2, and 110-3.
In order to respond to a database access request of a user for a distributed database, each database proxy server may include a computing engine, and when a tenant accesses the distributed database through a certain database proxy server, the database proxy server may acquire the database access request for the distributed database sent by the tenant. Further, the computing engine in the database proxy server may analyze the database access request to obtain an analysis result, and generate a corresponding execution plan according to the analysis result, and further, may access the data storage nodes in the distributed database according to the execution plan to obtain a response result of the database access request, and feed back the response result to the device that sent the database access request, so as to complete a response to the database access request.
Furthermore, for convenience of description, an apparatus for performing a database auditing method provided by an embodiment of the present invention may be referred to as a database auditing apparatus.
Optionally, the above-mentioned database auditing device may be added to the calculation engine of the database proxy server. That is to say, the database auditing method provided by the embodiment of the present invention may be used as one of the functions that can be implemented by the computing engine. Then, the calculation engine of the database proxy server can realize the analysis and response of the database access request, and also can realize the database auditing method provided by the embodiment of the invention. In this way, the execution subject of the database auditing method provided by the embodiment of the present invention may specifically be a computing engine in a database proxy server.
Optionally, the database auditing device may also be configured as a device that is independent from and communicatively connected to the calculation engine of the database proxy server. Then, in the embodiment of the present invention, the computing engine of the database proxy server is configured to implement parsing and responding to the database access request, and the database auditing apparatus is configured to implement the database auditing method provided in the embodiment of the present invention, where the database auditing apparatus may obtain a parsing result of the database access request from the computing engine. In this way, the execution subject of the database auditing method provided by the embodiment of the present invention may specifically be a database auditing apparatus in a database proxy server.
In addition, it should be noted that, in the two alternative embodiments, the execution subject of the database auditing method provided by the embodiment of the present invention may be understood as: a database proxy server.
The database auditing method provided by the embodiment of the invention can comprise the following steps:
after a database access request for the distributed database and an analysis result of the database access request are obtained, whether the database access request is audited or not is judged based on the analysis result and a preset audit rule;
if the result of the judgment is yes, acquiring data to be audited, which is matched with the auditing rule, in the analysis result;
and sending the acquired data to be audited to the management server, so that the management server generates an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers.
As can be seen from the above, in the solution provided by the embodiment of the present invention, in order to implement global audit of the access behavior of each tenant for the distributed database, a management server for global audit may be provided that is in communication connection with the plurality of database proxy servers configured for the distributed database.
In this way, after any database proxy server configured for the distributed database obtains a database access request for the distributed database and the analysis result of the database access request, it can judge whether to audit the database access request based on the analysis result and the preset audit rule, and when the judgment result is yes, obtain the data to be audited that matches the audit rule in the analysis result. Further, the database proxy server can send the acquired data to be audited to the management server. Therefore, after receiving the data to be audited sent by each database proxy server, the management server can generate the audit result for the audit rule based on the data to be audited sent by each database proxy server.
Based on this, by applying the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby realizing global audit of the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
The following describes a database auditing method provided by an embodiment of the present invention in detail with reference to the accompanying drawings.
As shown in fig. 2, a schematic flowchart of a database auditing method according to an embodiment of the present invention is provided, and as shown in fig. 2, the method may include the following steps:
S201: after a database access request for a distributed database and an analysis result of the database access request are obtained, judging whether to audit the database access request based on the analysis result and a preset audit rule; if yes, go to step S202;
After the database access request for the distributed database is acquired, a calculation engine in the database proxy server can analyze the database access request, so that an analysis result of the database access request is obtained.
Therefore, after the database access request aiming at the distributed database and the analysis result of the database access request are obtained, the database proxy server can judge whether to audit the database access request or not based on the analysis result and the preset audit rule. If the judgment result is yes, the database access request needs to be audited, and therefore data to be audited, which are needed for auditing, exist in the analysis result of the database access request. Based on this, if the determination result is yes, the database proxy server may continue to perform the subsequent step S202.
Correspondingly, if the judgment result is negative, the database access request does not need to be audited, so that the subsequent steps do not need to be continuously executed, and the database access request can be ignored.
When the database auditing device is added to the computing engine of the database proxy server, the computing engine can directly obtain the database access request for the distributed database and its analysis result once it has analyzed the database access request, so that the computing engine can go on to execute the database auditing method provided by the embodiment of the invention.
When the database auditing device is arranged as a device that is independent of the computing engine of the database proxy server and in communication connection with it, then after the computing engine has analyzed the database access request to obtain the analysis result, the database auditing device can acquire the database access request for the distributed database and its analysis result from the computing engine, and go on to execute the database auditing method provided by the embodiment of the invention.
The preset auditing rule can represent which data access requests need to be audited and which contents need to be audited specifically. For clarity of the scheme and clarity of layout, the detailed contents of the audit rules are described later.
S202: acquiring data to be audited matched with the auditing rule in the analytic result;
Furthermore, if the determination result in step S201 is yes, it indicates that the obtained database access request needs to be audited, and that the analysis result of the database access request includes the data to be audited that is required for auditing.
Therefore, the data to be audited matched with the auditing rule in the analysis result can be obtained.
S203: and sending the acquired to-be-audited data to the management server so that the management server generates an auditing result aiming at the auditing rule based on the to-be-audited data sent by the plurality of database proxy servers.
After the data to be audited is obtained, the obtained data to be audited can be sent to the management server.
In this way, since the management server can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire the data to be audited sent by each database proxy server configured for the distributed database. Therefore, the management server can acquire the data to be audited in the analysis result of each database access request that each tenant sends to the distributed database through any of the database proxy servers. That is, the management server may obtain global data to be audited for the distributed database.
Based on the audit rule, the management server can generate the audit result aiming at the preset audit rule based on the data to be audited sent by the database proxy servers. The management server can obtain the global data to be audited for the distributed database, so that the audit result generated by the management server is the global audit result for the distributed database and for the preset audit rule. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
For example, in one implementation, the management server may directly determine the acquired to-be-audited data sent by the plurality of database proxy servers as the audit result for the audit rule.
For example, in another implementation manner, the management server may process the acquired to-be-audited data sent by the multiple database proxy servers according to a preset processing rule, so that an obtained processing result is determined as an audit result for the audit rule.
For example, the management server may rearrange the acquired to-be-audited data sent by the plurality of database proxy servers according to a preset arrangement rule, and determine the rearranged to-be-audited data as an auditing result for the auditing rule.
Of course, the management server may also generate an audit result for the audit rule by using other manners, which is not limited in the embodiment of the present invention.
For example, in an implementation manner, the management server may be a server in a preset audit database cluster, and the audit database cluster may further include a storage server.
In this way, after the management server generates the audit result aiming at the audit rule, the management server can further send the audit result to the storage server. The storage server may thus store the received audit results.
Therefore, by applying the implementation mode, the audit result can be saved, so that when the audit result needs to be applied again, the audit result can be directly obtained from the storage server, and the normal operation of subsequent application is ensured.
For example, in another implementation manner, the management server may be a server in a preset audit database cluster, and the audit database cluster may further include: a plurality of storage servers.
The management server may preset a storage rule, where the storage rule is used to indicate a type of the audit result stored by each storage server.
For example, an audit database cluster includes 3 storage servers 1-3; the storage server 1 is used for storing an auditing result of an auditing rule of a tenant A under an auditing condition; the storage server 2 is used for storing an auditing result of an auditing rule of the tenant B under an auditing condition; the storage server 3 is used for storing the auditing result of the auditing rule of the tenant C under the auditing condition, and the like.
Therefore, after the management server generates the audit result aiming at the audit rule, the target storage server used for storing the audit result can be determined from the plurality of storage servers according to the preset storage rule, and then the management server can send the generated audit result to the target storage server. In this way, the target storage server may store the received audit results.
Based on this, applying this implementation realizes classified storage of the audit results. When an audit result needs to be used again, it can be looked up directly on the target storage server that stores it according to the type of the required audit result. On the premise of ensuring that subsequent applications proceed normally, this reduces the time needed to look up an audit result and improves lookup efficiency.
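The global aggregation and classified storage described above can be sketched as follows. This is an added example, not code from the patent: the class and method names, the storage server names, and the choice of tagging each batch with the tenant of its audit condition are assumptions, and the sample records are constructed.

```python
import heapq
from collections import defaultdict

# Storage rule from the example above: audit results for rules whose audit
# condition is tenant A/B/C go to storage server 1/2/3 (server names constructed).
STORAGE_RULE = {"A": "storage-1", "B": "storage-2", "C": "storage-3"}


class ManagementServer:
    """Hypothetical management server: merges batches from many proxies."""

    def __init__(self, storage_rule):
        self.storage_rule = storage_rule
        self.pending = defaultdict(list)  # condition tenant -> batches not yet stored
        self.storage = defaultdict(list)  # storage server name -> stored audit results

    def receive(self, proxy_id, condition_tenant, records):
        # Tag each record with its source proxy and keep every batch sorted by
        # access time so that batches can be merged cheaply later.
        batch = sorted(
            ({**r, "proxy": proxy_id} for r in records),
            key=lambda r: r["access_time"],
        )
        self.pending[condition_tenant].append(batch)

    def generate_and_store(self):
        """Build one global, time-ordered audit result per rule and route it.

        Returns {storage server: number of records stored}. Batches with no
        matching storage rule stay in `pending` instead of being dropped.
        """
        routed = {}
        for tenant, batches in list(self.pending.items()):
            target = self.storage_rule.get(tenant)
            if target is None:
                continue  # no storage rule yet: keep the audit data
            # "Rearranging" step: merge the per-proxy batches by access time.
            result = list(heapq.merge(*batches, key=lambda r: r["access_time"]))
            self.storage[target].extend(result)
            routed[target] = len(result)
            del self.pending[tenant]
        return routed


if __name__ == "__main__":
    ms = ManagementServer(STORAGE_RULE)
    ms.receive("Proxy1", "A", [
        {"access_time": "2021-01-28 10:29:33", "operation": "DELETE", "table": "C"},
        {"access_time": "2021-01-28 10:31:00", "operation": "SELECT", "table": "C"},
    ])
    ms.receive("Proxy2", "A", [
        {"access_time": "2021-01-28 10:30:10", "operation": "UPDATE", "table": "D"},
    ])
    print(ms.generate_and_store())
    for rec in ms.storage["storage-1"]:
        print(rec)
```

Because tenant A's requests arrive through both proxies, only the merged result on the storage server shows the tenant's full access sequence in order.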
As can be seen from the above, according to the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby implementing global audit on the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
In addition, by applying the scheme provided by the embodiment of the invention, the tenant and the database proxy server do not need to be bound, and the high concurrency characteristic and the high availability characteristic of the distributed database can be fully utilized. In addition, only one management server in communication connection with a plurality of database proxy servers configured for the distributed database is required to be arranged, and more system components such as a data storage system, a data analysis system, a data aggregation system and the like are not required to be arranged, so that data transmission chains can be reduced, the auditing efficiency can be improved, and the complexity of the scheme can be reduced.
Furthermore, because the audit result of the database access request is derived from the parsing performed by the computing engine in the database proxy server, the audit result can still be obtained when the database access request is encrypted, so the database access request can still be audited. In addition, during the auditing process the computing engine can respond to the database access request normally, so the real-time service of the distributed database is not affected.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for the specified field and used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in the analysis result of the access request when any access request meets the auditing condition.
For example, the audit condition included in the audit rule is: tenant A, and the audit fields are: access time, access operation, and library table. The audit rule indicates that, for each database access request, if the sender of the database access request is tenant A, the database access request is audited, and the data to be audited obtained from the analysis result of the database access request is: the access time of the database access request, the accessed library table, and the performed access operation. In this example, the specified field is the tenant field.
Illustratively, the specified field may include at least one of the following fields: tenants, access times, base tables, access operations, and database nodes. Of course, the specified field may also include other fields, and the embodiment of the present invention is not particularly limited.
Illustratively, suppose the analysis result of a certain database access request includes: the tenant is tenant A, the access time is 10:29:33 on January 28, 2021, the base table accessed by tenant A is base table C, and the executed access operation is a delete operation. The database access request is then audited, and the data to be audited is acquired: 10:29:33 on January 28, 2021, base table C, and the delete operation.
Based on this, in the present specific implementation, as shown in fig. 3:
The step S201 of determining whether to audit the database access request based on the analysis result and the preset audit rule may include the following step S201A:
S201A: judging whether the field value of the specified field in the analysis result meets the audit condition.
The step S202 of obtaining the data to be audited that matches the audit rule in the analysis result may include the following step S202A:
S202A: acquiring the field value of the audit field in the analysis result as the data to be audited.
In this specific implementation manner, after the analysis result of the database access request is obtained, the field value of the specified field in the analysis result may be determined first, and then, whether the field value meets the audit condition may be determined.
When the field value meets the audit condition, it can be determined that the database access request is to be audited. Then, the field value of the audit field in the analysis result can be obtained and used as the data to be audited.
For example, the audit condition included in the audit rule is: tenant A, and the audit fields are: access time, access operation, and library table. After a certain database access request and its analysis result are obtained, it can first be judged whether the field value of the tenant field in the analysis result is A. When the judgment result is yes, the field values of the access time field, the access operation field and the library table field in the analysis result can further be obtained and used as the data to be audited.
Optionally, in a specific implementation manner, as shown in fig. 4, the database auditing method provided in the embodiment of the present invention may further include the following step S200:
S200: caching the acquired data to be audited in a specified cache space.
Accordingly, in this specific implementation manner, the step S203 of sending the acquired data to be audited to the management server may include the following step S203A:
S203A: when the data to be audited cached in the specified cache space meets a preset sending condition, sending the cached data to be audited to the management server;
wherein the sending condition includes at least one of the following conditions:
the data volume of the cached data to be audited reaches a preset data volume;
the time length since the cached data to be audited was last sent to the management server reaches a preset time length.
In this specific implementation manner, after the data to be audited is obtained, it need not be sent to the management server immediately; instead, it may be cached in the specified cache space. Then, when the data to be audited cached in the specified cache space meets the preset sending condition, the cached data to be audited can be sent to the management server.
Therefore, the database proxy server can transmit more data to be audited to the management server through one-time data transmission, so that the interaction times between the database proxy server and the management server can be reduced, the data interaction pressure is reduced, and the resource waste caused by data interaction is saved.
Optionally, after the obtained to-be-audited data is cached in the specified cache space, the cached to-be-audited data may be further sorted, for example, rearranged according to the specified field, so that the processing complexity of the management server when generating the audit result for the audit rule may be reduced, the processing pressure of the management server may be reduced, and the generation efficiency of the audit result may be improved.
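Steps S201A, S202A, S200 and S203A can be put together in a proxy-side sketch. This is an added example, not code from the patent: the class, field and parameter names are assumptions, the sample request is constructed, and keeping the cache intact when a send fails is a design choice the patent does not specify.

```python
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class AuditRule:
    condition: dict      # audit condition: specified field -> required value
    audit_fields: tuple  # audit fields to copy out of the analysis result

    def matches(self, parsed):
        # S201A: does the specified field's value meet the audit condition?
        return all(parsed.get(k) == v for k, v in self.condition.items())

    def extract(self, parsed):
        # S202A: the audit fields' values are the data to be audited.
        return {f: parsed.get(f) for f in self.audit_fields}


class AuditAgent:
    """Hypothetical audit agent running inside one database proxy server."""

    def __init__(self, rule, send, max_records=100, max_age_s=5.0,
                 clock=time.monotonic):
        self.rule = rule
        self.send = send                # callable that ships a batch to the management server
        self.max_records = max_records  # preset data volume
        self.max_age_s = max_age_s      # preset time length
        self.clock = clock
        self.buffer = []                # the specified cache space
        self.last_sent = clock()

    def on_request(self, parsed):
        """Handle one analysis result; return True if the request is audited."""
        audited = self.rule.matches(parsed)
        if audited:
            self.buffer.append(self.rule.extract(parsed))  # S200
        self.flush_if_due()
        return audited

    def flush_if_due(self):
        """S203A: send the cache when either sending condition is met."""
        if not self.buffer:
            return False
        full = len(self.buffer) >= self.max_records
        stale = self.clock() - self.last_sent >= self.max_age_s
        if not (full or stale):
            return False
        try:
            self.send(self.buffer)
        except Exception:
            # Management server unreachable: keep the records cached so the
            # audit trail has no gap, and retry on the next call.
            return False
        self.buffer = []
        self.last_sent = self.clock()
        return True


if __name__ == "__main__":
    rule = AuditRule({"tenant": "A"}, ("access_time", "operation", "table"))
    agent = AuditAgent(rule, send=print, max_records=2)
    request = {"tenant": "A", "access_time": "2021-01-28 10:29:33",
               "operation": "DELETE", "table": "C", "node": "DB1"}
    agent.on_request(request)
    agent.on_request({**request, "tenant": "B"})  # not audited
    agent.on_request(request)                     # second record triggers a send
```

In a real proxy, `flush_if_due` would also be called from a timer so that the time condition fires even when no new request arrives.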
Different auditing rules can be preset according to different auditing purposes, so that the auditing purposes can be changed along with the change of an application scene in the actual application process, and the auditing rules can be updated accordingly.
Based on this, optionally, in a specific implementation manner, the database auditing method provided by the embodiment of the present invention may further include the following steps a to C.
Step A: outputting an audit rule setting interface;
Step B: acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface;
Step C: updating the audit rule based on the audit rule updating instruction.
In this specific implementation manner, the database proxy server may output an audit rule setting interface, so that a user may input a new audit rule through operations such as input and click in the audit rule setting interface, thereby sending an audit rule update instruction to the database proxy server.
Therefore, the database proxy server can acquire the audit rule updating instruction sent by the user based on the audit rule setting interface, and update the audit rule based on the acquired audit rule updating instruction.
Optionally, when sending the audit rule update instruction to the database proxy server, the user may indicate that the audit rule update instruction is only used for changing the audit rule in that database proxy server. For example, the audit rule setting interface may include a first update button, which is a button used to send an instruction that changes the audit rule only in this database proxy server. The user can click the first update button after entering a new audit rule, so that the database proxy server obtains the audit rule update instruction sent by the user based on the audit rule setting interface and determines that the instruction is only used for changing the audit rule in this database proxy server.
Based on this, in this specific implementation, the plurality of database proxy servers provided for the distributed database may include different auditing rules, so that multidimensional global auditing of the distributed database may be simultaneously achieved.
Correspondingly, optionally, when the user sends the audit rule update instruction to the database proxy server, the audit rule update instruction may be indicated to be used for changing the audit rules in all the database proxy servers.
For example, the audit rule setting interface may include a second update button, which is a button used to send an instruction that changes the audit rules in all the database proxy servers set for the distributed database. The user can click the second update button after entering a new audit rule, so that the database proxy server obtains the audit rule update instruction sent by the user based on the audit rule setting interface and determines that the instruction is used for changing the audit rules in all the database proxy servers set for the distributed database. The database proxy server that acquires the instruction can then record the update content of the audit rule indicated by the instruction into an audit rule base table in the distributed database, so that the other database proxy servers set for the distributed database can periodically read the update content from the audit rule base table and update their local audit rules accordingly.
Based on this, in the specific implementation mode, the change of the audit rules of all the database proxy servers can be completed through one-time instruction input, so that the change time of the audit rules can be saved, and the update efficiency of the audit rules is improved.
Correspondingly, optionally, when the user sends the audit rule update instruction to the database proxy server, the audit rule update instruction may be indicated to be used for changing the audit rule in a part of the database proxy servers set in the distributed database.
For example, the audit rule setting interface may include a third update button and a specified input area. The third update button is a button used to send an instruction that changes the audit rule in a part of the database proxy servers set for the distributed database, and the user can enter, in the specified input area, the identification information of the database proxy servers whose audit rule needs to be changed. After entering a new audit rule and this identification information, the user can click the third update button, so that the database proxy server obtains the audit rule update instruction sent by the user based on the audit rule setting interface together with the identification information entered in the specified input area, and determines that the instruction is used for changing the audit rule in a part of the database proxy servers set for the distributed database. The database proxy server that acquires the instruction can then record the update content of the audit rule and the identification information entered by the user into the audit rule base table in the distributed database. The other database proxy servers set for the distributed database periodically read the update content from the audit rule base table, and only the database proxy servers whose identification information was entered in the specified input area update their local audit rule according to the update content.
Based on this, in this specific implementation, the plurality of database proxy servers provided for the distributed database may include different auditing rules, so that multidimensional global auditing of the distributed database may be simultaneously achieved. Moreover, the change of the audit rules of the database proxy servers with the same audit rules can be completed through one-time instruction input, so that the change time of the audit rules can be saved, and the update efficiency of the audit rules is improved.
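The three update scopes and the periodic read of the audit rule base table can be modelled as below. This is an added example, not code from the patent: an in-memory SQLite table stands in for the audit rule base table in the distributed database, and the table name, column names and scope keywords are assumptions.

```python
import json
import sqlite3

# Hypothetical schema for the audit rule base table.
SCHEMA = """
CREATE TABLE audit_rule_updates (
    id INTEGER PRIMARY KEY AUTOINCREMENT,
    rule_json TEXT NOT NULL,
    targets_json TEXT  -- NULL: all proxies; otherwise a JSON list of proxy ids
)"""


def make_rule_table():
    """Create the stand-in audit rule base table and return its connection."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


class Proxy:
    def __init__(self, proxy_id, db, rule):
        self.proxy_id = proxy_id
        self.db = db
        self.rule = rule
        self.last_seen = 0  # id of the newest update row already processed

    def update_rule(self, new_rule, scope="local", targets=None):
        """scope: 'local' (first button), 'all' (second), 'subset' (third)."""
        if scope == "local":
            self.rule = new_rule  # nothing is written to the shared table
            return
        if scope == "all":
            targets_json = None
        elif scope == "subset":
            if not targets:
                raise ValueError("subset update needs proxy identification info")
            targets_json = json.dumps(sorted(targets))
        else:
            raise ValueError(f"unknown scope: {scope}")
        self.db.execute(
            "INSERT INTO audit_rule_updates (rule_json, targets_json) VALUES (?, ?)",
            (json.dumps(new_rule), targets_json),
        )
        self.db.commit()
        self.poll()  # the recording proxy applies the update only if targeted

    def poll(self):
        """Periodic read: apply new updates addressed to this proxy, in order."""
        rows = self.db.execute(
            "SELECT id, rule_json, targets_json FROM audit_rule_updates "
            "WHERE id > ? ORDER BY id",
            (self.last_seen,),
        ).fetchall()
        applied = 0
        for row_id, rule_json, targets_json in rows:
            self.last_seen = row_id
            if targets_json is None or self.proxy_id in json.loads(targets_json):
                self.rule = json.loads(rule_json)
                applied += 1
        return applied


if __name__ == "__main__":
    db = make_rule_table()
    base = {"condition": {"tenant": "A"}, "audit_fields": ["access_time"]}
    p1, p2 = Proxy("Proxy1", db, dict(base)), Proxy("Proxy2", db, dict(base))
    p1.update_rule({"condition": {"tenant": "B"}, "audit_fields": ["table"]},
                   scope="subset", targets=["Proxy2"])
    print(p1.rule, p2.poll(), p2.rule)
```

Whoever can write to this table decides what every proxy audits, so write access to it deserves the same protection as the audit results themselves.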
To facilitate understanding of the database auditing method provided by the embodiment of the present invention, as shown in fig. 8, a schematic diagram of a specific implementation manner of the database auditing method provided by the embodiment of the present invention is provided.
Here, Proxy1 and Proxy2 are any two of the plurality of database proxy servers provisioned for the distributed database. Each database proxy server includes a computing engine and an audit agent module, where the audit agent module can store audit rules and includes the specified cache space.
DB1 to DBN (DB: database) in the distributed database are the storage nodes of the distributed database; DB1'-DBM in the audit database cluster are the storage servers of the audit database cluster.
Since every database proxy server applies the database auditing method provided by the embodiment of the present invention in the same way, the method is described below by taking Proxy1 as an example.
1. SQL request: the tenant sends an SQL (Structured Query Language) request for the distributed database to Proxy1, where the SQL request is a database access request. The computing engine of Proxy1 receives the SQL request, parses it to obtain an analysis result, and generates an execution plan.
2. SQL is executed, and the result is returned: the computing engine of Proxy1 may continue to execute the generated execution plan and access the distributed database to obtain the response result of the SQL request.
5. SQL request return: after obtaining the response result of the SQL request, Proxy1 may directly feed back the response result of the SQL request to the tenant.
3. Audit rules: the computing engine of Proxy1 acquires the audit rule from the audit agent module, and judges whether to audit the received SQL request according to the analysis result of the SQL request and the audit rule.
4. Audit content collection: if the judgment result in step 3 is yes, the computing engine of Proxy1 may obtain the data to be audited that matches the audit rule in the analysis result of the SQL request.
6. Synthesizing SQL audit content and warehousing: the audit agent sends the received data to be audited to a management server in the audit database cluster. The management server can generate an audit result based on the received data to be audited, determine a target storage server for storing the audit result from DB1'-DBM according to a preset storage rule, and send the audit result to the target storage server.
Based on this, by applying the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby realizing global audit of the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
Corresponding to the database auditing method provided by the embodiment of the invention, the embodiment of the invention also provides a database auditing device.
The database auditing device is applied to any one of a plurality of database proxy servers configured for a distributed database, and the database proxy servers are in communication connection with a preset management server for global auditing.
Fig. 5 is a schematic structural diagram of a database auditing apparatus according to an embodiment of the present invention, and as shown in fig. 5, the apparatus may include the following modules:
a request determining module 510, configured to determine, after acquiring the database access request for the distributed database and the analysis result of the database access request, whether to audit the database access request based on the analysis result and a preset audit rule; if the judgment result is yes, the data obtaining module 520 is triggered;
the data obtaining module 520, configured to obtain the data to be audited that matches the audit rule in the analysis result;
a data sending module 530, configured to send the obtained data to be audited to the management server, so that the management server generates an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers.
As can be seen from the above, in order to implement global audit on access behavior of each tenant for the distributed database, a management server may be provided, which is in communication connection with a plurality of database proxy servers configured for the distributed database and is used for global audit, according to the solution provided by the embodiment of the present invention.
In this way, after any database proxy server configured for the distributed database obtains a database access request for the distributed database and the analysis result of the database access request, it can judge whether to audit the database access request based on the analysis result and the preset audit rule, and when the judgment result is yes, obtain the data to be audited that matches the audit rule in the analysis result. Further, the database proxy server can send the acquired data to be audited to the management server. Therefore, after receiving the data to be audited sent by each database proxy server, the management server can generate the audit result for the audit rule based on the data to be audited sent by each database proxy server.
Based on this, by applying the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby realizing global audit of the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
the request determining module 510 is specifically configured to: judging whether the field value of the specified field in the analysis result meets the auditing condition;
the data obtaining module 520 is specifically configured to: and acquiring the field value of the audit field in the analysis result as data to be audited.
Optionally, in a specific implementation manner, the specified field includes at least one of the following fields: tenants, access times, base tables, access operations, and database nodes.
Optionally, in a specific implementation manner, the apparatus further includes:
the data caching module is used for caching the acquired data to be audited in a specified cache space before the data to be audited is sent to the management server;
the data sending module 530 is specifically configured to: when the data to be audited cached in the specified cache space meets a preset sending condition, send the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
the time length since the cached data to be audited was last sent to the management server reaches a preset time length.
Optionally, in a specific implementation manner, the apparatus further includes:
the interface output module is used for outputting an audit rule setting interface;
the instruction acquisition module is used for acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface;
and the rule changing module is used for updating the audit rule based on the audit rule updating instruction.
Corresponding to the database auditing method provided by the embodiment of the invention, the embodiment of the invention also provides a database auditing system.
Fig. 6 is a schematic structural diagram of a database auditing system according to an embodiment of the present invention. As shown in fig. 6, the system includes: a plurality of database proxy servers 610 configured for the distributed database and a management server 620 used for global auditing, wherein the plurality of database proxy servers 610 are in communication connection with the management server 620;
each database proxy server 610 is configured to, after acquiring a database access request for the distributed database and an analysis result of the database access request, determine whether to audit the database access request based on the analysis result and a preset audit rule; if the judgment result is yes, acquire the data to be audited that matches the audit rule in the analysis result; and send the acquired data to be audited to the management server 620;
and the management server 620 is configured to generate an audit result for the audit rule based on the data to be audited sent by the plurality of database proxy servers 610.
As can be seen from the above, in order to implement global audit on access behavior of each tenant for the distributed database, a management server may be provided, which is in communication connection with a plurality of database proxy servers configured for the distributed database and is used for global audit, according to the solution provided by the embodiment of the present invention.
In this way, after any database proxy server configured for the distributed database obtains a database access request for the distributed database and the analysis result of the database access request, it can judge whether to audit the database access request based on the analysis result and the preset audit rule, and when the judgment result is yes, obtain the data to be audited that matches the audit rule in the analysis result. Further, the database proxy server can send the acquired data to be audited to the management server. Therefore, after receiving the data to be audited sent by each database proxy server, the management server can generate the audit result for the audit rule based on the data to be audited sent by each database proxy server.
Based on this, by applying the scheme provided by the embodiment of the present invention, since the management server for global audit can be in communication connection with the plurality of database proxy servers configured for the distributed database, the management server can acquire global data to be audited for the distributed database, thereby realizing global audit of the distributed database. Therefore, global audit can be performed on the access behavior of each tenant to the distributed database.
Optionally, in a specific implementation manner, the management server 620 is a server in a preset audit database cluster, and the audit database cluster further includes: a storage server;
the management server 620 is further configured to send the audit result to the storage server;
and the storage server is used for storing the audit result sent by the management server 620.
In this specific implementation manner, after the management server 620 generates the audit result for the audit rule, the audit result may be further sent to the storage server. The storage server may thus store the received audit results.
Therefore, the audit result can be saved, so that when the audit result needs to be applied again, the audit result can be directly obtained from the storage server, and normal operation of subsequent application is ensured.
Optionally, in a specific implementation manner, the number of the storage servers is multiple;
the management server 620 is specifically configured to determine, according to a preset storage rule, a target storage server for storing an audit result from the plurality of storage servers, and send the audit result to the target storage server.
In this specific implementation manner, the preset audit database cluster may include a plurality of storage servers, and a storage rule may be preset, where the storage rule is used to indicate a type of the audit result stored by each storage server.
For example, a preset audit database cluster comprises 3 storage servers 1-3; the storage server 1 is used for storing an auditing result of an auditing rule of a tenant A under an auditing condition; the storage server 2 is used for storing an auditing result of an auditing rule of the tenant B under an auditing condition; the storage server 3 is used for storing the auditing result of the auditing rule of the tenant C under the auditing condition, and the like.
Therefore, after the management server 620 generates the audit result for the audit rule, the target storage server for storing the audit result can be determined from the plurality of storage servers according to the preset storage rule, and then the management server 620 can send the generated audit result to the target storage server. In this way, the target storage server may store the received audit results.
Optionally, in a specific implementation manner, the audit rule includes: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
each database proxy server 610 is specifically configured to: judge whether the field value of the specified field in the analysis result meets the auditing condition; and if so, acquire the field value of the audit field in the analysis result as the data to be audited.
Optionally, in a specific implementation manner, the specified field includes at least one of the following fields: tenants, access times, base tables, access operations, and database nodes.
Optionally, in a specific implementation manner, each database proxy server 610 is further configured to cache the acquired data to be audited in a specified cache space;
each database proxy server 610 is specifically configured to: when the data to be audited cached in the specified cache space meets a preset sending condition, send the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
and the time elapsed since cached data to be audited was last sent to the management server reaches a preset duration.
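The proxy-side flow described in the implementations above (an audit condition on specified fields, extraction of the audit fields, caching, sending on a size or time threshold, and the management server merging batches from several proxies) can be sketched as follows. This is an added illustrative example, not code from the patent; every class, function and field name, the thresholds and the sample parse results are assumptions.

```python
import time
from collections import Counter
from dataclasses import dataclass
from typing import Any, Callable, Dict, List

@dataclass
class AuditRule:  # hypothetical structure; the patent defines no concrete format
    name: str
    conditions: Dict[str, Callable[[Any], bool]]  # specified field -> audit condition
    audit_fields: List[str]                       # fields copied out on a match

    def matches(self, parsed: Dict[str, Any]) -> bool:
        # A request missing a specified field does not satisfy the condition.
        return all(f in parsed and ok(parsed[f]) for f, ok in self.conditions.items())

    def extract(self, parsed: Dict[str, Any]) -> Dict[str, Any]:
        return {f: parsed.get(f) for f in self.audit_fields}

class ProxyAuditor:
    """Per-proxy side: match, cache, send when the size or age threshold is hit."""
    def __init__(self, rule, send, max_records=2, max_age_s=5.0, clock=time.monotonic):
        self.rule, self.send, self.clock = rule, send, clock
        self.max_records, self.max_age_s = max_records, max_age_s
        self.cache: List[Dict[str, Any]] = []
        self.last_sent = clock()

    def on_request(self, parsed: Dict[str, Any]) -> bool:
        if self.rule.matches(parsed):
            self.cache.append(self.rule.extract(parsed))
        return self.flush_if_due()

    def flush_if_due(self) -> bool:
        now = self.clock()
        due = len(self.cache) >= self.max_records or now - self.last_sent >= self.max_age_s
        if not self.cache or not due:
            return False
        self.send(self.rule.name, list(self.cache))  # if send raises, the cache is kept
        self.cache.clear()
        self.last_sent = now
        return True

class ManagementServer:
    """Global side: merges batches from every proxy into one result per rule."""
    def __init__(self):
        self.records: Dict[str, List[Dict[str, Any]]] = {}

    def receive(self, rule_name: str, batch: List[Dict[str, Any]]) -> None:
        self.records.setdefault(rule_name, []).extend(batch)

    def result(self, rule_name: str) -> Counter:
        return Counter((r["table"], r["operation"]) for r in self.records.get(rule_name, []))

def demo():
    now = [0.0]  # fake clock so the time-based condition is deterministic
    fields = ("tenant", "table", "operation", "node")
    rule = AuditRule("tenant-A-destructive",
                     {"tenant": lambda v: v == "A",
                      "operation": lambda v: v in {"DELETE", "DROP"}},
                     list(fields))
    mgmt = ManagementServer()
    p1, p2 = (ProxyAuditor(rule, mgmt.receive, clock=lambda: now[0]) for _ in range(2))
    # Constructed parse results standing in for what each proxy's parser emits.
    rows = [("A", "orders", "DELETE", "n1"), ("B", "orders", "DELETE", "n1"),
            ("A", "orders", "SELECT", "n2"), ("A", "users", "DROP", "n2")]
    sent = [p1.on_request(dict(zip(fields, r))) for r in rows]
    sent.append(p2.on_request(dict(zip(fields, ("A", "orders", "DELETE", "n3")))))
    now[0] = 6.0  # the preset time elapses with one record still cached on proxy 2
    sent.append(p2.flush_if_due())
    return sent, mgmt.result(rule.name)
```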
Optionally, in a specific implementation manner, each database proxy server 610 is further configured to: output an audit rule setting interface; acquire an audit rule updating instruction sent by a user based on the audit rule setting interface; and update the audit rule based on the audit rule updating instruction.
Corresponding to the database auditing method provided by the above embodiment of the present invention, the embodiment of the present invention further provides a database proxy server, which is a proxy server configured for a distributed database and is in communication connection with a preset management server for global auditing, as shown in fig. 7, and includes a processor 701, a communication interface 702, a memory 703 and a communication bus 704, where the processor 701, the communication interface 702, and the memory 703 complete mutual communication through the communication bus 704,
a memory 703 for storing a computer program;
the processor 701 is configured to implement the steps of any database auditing method provided by the above-described embodiment of the present invention when executing the program stored in the memory 703.
The communication bus mentioned in the electronic device may be a Peripheral Component Interconnect (PCI) bus, an Extended Industry Standard Architecture (EISA) bus, or the like. The communication bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one thick line is shown, but this does not mean that there is only one bus or one type of bus.
The communication interface is used for communication between the electronic equipment and other equipment.
The Memory may include a Random Access Memory (RAM) or a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
In yet another embodiment of the present invention, a computer-readable storage medium is further provided, in which a computer program is stored, and the computer program, when executed by a processor, implements the steps of any of the database auditing methods provided by the above-mentioned embodiments of the present invention.
In yet another embodiment provided by the present invention, there is also provided a computer program product containing instructions which, when run on a computer, cause the computer to perform the steps of any of the database auditing methods provided by the embodiments of the present invention described above.
In the above embodiments, the implementation may be wholly or partially realized by software, hardware, firmware, or any combination thereof. When implemented in software, the embodiments may be implemented in whole or in part in the form of a computer program product. The computer program product includes one or more computer instructions. When the computer instructions are loaded and executed on a computer, the processes or functions described in accordance with the embodiments of the invention are produced, in whole or in part. The computer may be a general purpose computer, a special purpose computer, a network of computers, or other programmable device. The computer instructions may be stored in a computer-readable storage medium or transmitted from one computer-readable storage medium to another, for example, from one website, computer, server, or data center to another website, computer, server, or data center via wired (e.g., coaxial cable, fiber optic, Digital Subscriber Line (DSL)) or wireless (e.g., infrared, wireless, microwave, etc.) means. The computer-readable storage medium can be any available medium that can be accessed by a computer, or a data storage device, such as a server or a data center, that incorporates one or more of the available media. The usable medium may be a magnetic medium (e.g., floppy disk, hard disk, magnetic tape), an optical medium (e.g., DVD), or a semiconductor medium (e.g., Solid State Disk (SSD)), among others.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other identical elements in a process, method, article, or apparatus that comprises the element.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, apparatus embodiments, system embodiments, database proxy server embodiments, computer-readable storage medium embodiments, and computer program product embodiments are described for simplicity because they are substantially similar to method embodiments, and reference may be made to some descriptions of method embodiments for related points.
The above description is only for the preferred embodiment of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention shall fall within the protection scope of the present invention.

Claims (11)

1. A database auditing method is characterized in that the method is applied to any one of a plurality of database proxy servers configured for a distributed database, and the database proxy servers are in communication connection with a preset management server for global auditing; the method comprises the following steps:
after a database access request for the distributed database and an analysis result of the database access request are obtained, whether the database access request is audited or not is judged based on the analysis result and a preset audit rule;
if the result of the judgment is yes, acquiring data to be audited, which is matched with the auditing rule, in the analysis result;
and sending the acquired data to be audited to the management server so that the management server generates an auditing result for the auditing rule based on the data to be audited sent by the plurality of database proxy servers.
2. The method of claim 1, wherein the audit rules comprise: auditing conditions and auditing fields corresponding to the auditing conditions; the auditing condition is a condition which is set for a specified field and is used for representing that the access request can be audited, and the auditing field is a field to be subjected to data auditing in an analysis result of the access request when any access request meets the auditing condition;
the step of judging whether to audit the database access request based on the analysis result and a preset audit rule comprises the following steps:
judging whether the field value of the specified field in the analysis result meets the auditing condition;
the step of obtaining the data to be audited matched with the auditing rule in the analysis result comprises the following steps:
and acquiring the field value of the audit field in the analysis result as data to be audited.
3. The method of claim 2, wherein the specified field comprises at least one of:
tenants, access times, base tables, access operations, and database nodes.
4. The method of claim 1, wherein prior to the step of sending the data to be audited to the management server, the method further comprises:
caching the acquired data to be audited in a specified cache space;
the step of sending the acquired data to be audited to the management server includes:
when the data to be audited cached in the specified cache space meets a preset sending condition, sending the cached data to be audited to the management server;
wherein the sending condition includes at least one of:
the data volume of the cached data to be audited reaches a preset data volume;
and the time elapsed since cached data to be audited was last sent to the management server reaches a preset duration.
5. The method of claim 1, further comprising:
outputting an audit rule setting interface;
acquiring an audit rule updating instruction sent by a user based on the audit rule setting interface;
and updating the audit rule based on the audit rule updating instruction.
6. A database auditing device, characterized by being applied to any one of a plurality of database proxy servers configured for a distributed database, wherein the database proxy servers are in communication connection with a preset management server for global auditing; the device comprises:
the request judging module is used for judging whether to audit the database access request or not based on the analysis result and a preset auditing rule after acquiring the database access request aiming at the distributed database and the analysis result of the database access request; if the judgment result is yes, triggering a data acquisition module;
the data acquisition module is used for acquiring the data to be audited which is matched with the auditing rule in the analysis result;
and the data sending module is used for sending the acquired data to be audited to the management server so that the management server generates an auditing result for the auditing rule based on the data to be audited sent by the plurality of database proxy servers.
7. A database audit system, the system comprising: the system comprises a plurality of database proxy servers and a management server for global audit, wherein the database proxy servers are configured for a distributed database and are in communication connection with the management server;
each database proxy server is used for judging whether to audit the database access request or not based on the analysis result and a preset audit rule after acquiring the database access request aiming at the distributed database and the analysis result of the database access request; if the result of the judgment is yes, acquiring data to be audited, which is matched with the auditing rule, in the analysis result; sending the acquired data to be audited to the management server;
and the management server is used for generating an auditing result for the auditing rule based on the data to be audited sent by the plurality of database proxy servers.
8. The system of claim 7, wherein the management server is a server in a preset audit database cluster, the audit database cluster further comprising: a storage server;
the management server is further used for sending the audit result to the storage server;
and the storage server is used for storing the audit result sent by the management server.
9. The system of claim 8, wherein there are a plurality of storage servers;
the management server is specifically configured to determine a target storage server for storing the audit result from the plurality of storage servers according to a preset storage rule, and send the audit result to the target storage server.
10. The database proxy server is characterized by being a proxy server configured for a distributed database and in communication connection with a preset management server for global audit, and comprising a processor, a communication interface, a memory and a communication bus, wherein the processor, the communication interface and the memory are used for completing mutual communication through the communication bus;
a memory for storing a computer program;
a processor for implementing the method steps of any one of claims 1 to 5 when executing a program stored in the memory.
11. A computer-readable storage medium, characterized in that a computer program is stored in the computer-readable storage medium, which computer program, when being executed by a processor, carries out the method steps of any one of the claims 1-5.
CN202110288999.4A 2021-03-18 2021-03-18 Database auditing method and device and database proxy server Pending CN113010494A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110288999.4A CN113010494A (en) 2021-03-18 2021-03-18 Database auditing method and device and database proxy server

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110288999.4A CN113010494A (en) 2021-03-18 2021-03-18 Database auditing method and device and database proxy server

Publications (1)

Publication Number Publication Date
CN113010494A true CN113010494A (en) 2021-06-22

Family

ID=76409514

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110288999.4A Pending CN113010494A (en) 2021-03-18 2021-03-18 Database auditing method and device and database proxy server

Country Status (1)

Country Link
CN (1) CN113010494A (en)

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7117197B1 (en) * 2000-04-26 2006-10-03 Oracle International Corp. Selectively auditing accesses to rows within a relational database at a database server
US20180365616A1 (en) * 2017-06-20 2018-12-20 Walmart Apollo, Llc Systems and methods for management of inventory audits
CN109325044A (en) * 2018-09-20 2019-02-12 快云信息科技有限公司 A kind of the audit log processing method and relevant apparatus of database
CN109359251A (en) * 2018-09-26 2019-02-19 江苏神州信源系统工程有限公司 Audit method for early warning, device and the terminal device of application system service condition
CN111104395A (en) * 2019-12-30 2020-05-05 武汉英迈信息科技有限公司 Database auditing method, device, storage medium and device
CN112506954A (en) * 2020-12-25 2021-03-16 新浪网技术(中国)有限公司 Database auditing method and device

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113704825A (en) * 2021-09-08 2021-11-26 上海观安信息技术股份有限公司 Database auditing method, device and system and computer storage medium
CN114462373A (en) * 2022-02-09 2022-05-10 星环信息科技(上海)股份有限公司 Audit rule determination method and device, electronic equipment and storage medium
CN114462373B (en) * 2022-02-09 2022-11-15 星环信息科技(上海)股份有限公司 Audit rule determination method and device, electronic equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination