Why Database Audit Is Running Properly But Generates No Audit Records?
Symptom:
The functions of the Database Audit instance are normal. When there is database traffic, audit information about the executed SQL statement cannot be found in the SQL statement list.
Possible causes:
SSL is enabled for the database.
ForceEncryption is enabled for the SQL Server database protocol.
The data volume is too large. As a result, the Agent process is suspended. You can restart the container or optimize audit rules to reduce the data volume.
Note: If SSL is enabled for a database, the database cannot be audited. To disable SSL for a database, see FAQs->Usage->How Do I Disable SSL for a Database?
If ForceEncryption is enabled for a database, Database Audit cannot obtain file content from the database for analysis.
Alarm Notifications Are Abnormal
Symptom:
The Database Audit instance is running properly. An alarm about a high-risk statement alarm is sent via email, but no high-risk SQL statements are displayed on the console.
Alarm email sending is delayed.
Possible causes:
There are too many audit logs and data audit is delayed.
Suggestion:
Add Database Audit instances and balance the loads processed by each instance. Alternatively, modify audit rules to narrow down the audit scope.
Create an automated hourly backup task to prevent log deletion, which will be triggered if the disk usage reaches 85%.