Re: Auditing and Postgres 7.3

I think that having an audit trail would be a very good feature for
PostgreSQL. And I especially like the idea of superuser being able to
audit unprivileged users (Turn it on for users one things are abusing
the system, etc) rather than just on specific tables.

On Wed, 2002-01-23 at 03:18, Gavin Sherry wrote:
> Hi all,
>
> I've been thinking implementing auditing for Postgres 7.3 and wanted to
> see if anyone had any thoughts about it.
>
> Auditing would allow a user to log queries executed upon different
> 'schema' objects - I use the loose sense of the word here. The user would
> be able to define the type of query - insert, delete, etc - as well as
> choose to log only those queries which were successful or otherwise.
>
> The superuser would be able to audit unprivileged users. Unprivileged
> users would only be able to produce an audit trail upon objects which
> he/she owns or has been granted audit privileges to.
>
> The audit trail would be written either to a new internal system table,
> pg_audit, or optionally a file on the file system. I imagine that an
> external program would also be needed to read/dump the audit trail.
>
> So what would an audit trail consist of?
>
> timestamp
> query type
> query
> query result (successful|unsuccessful)
> audit object oid
>
> I haven't really thought about this too hard just yet but thought I'd see
> if people considered this to be a useful addition to Postgres or not, or
> if I was going about this the wrong way.
>
> Gavin
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 4: Don't 'kill -9' the postmaster
--

Virtually,
Ned Wolpert <ned(dot)wolpert(at)knowledgenet(dot)com>

D08C2F45: 28E7 56CB 58AC C622 5A51 3C42 8B2B 2739 D08C 2F45