Re: pgaudit - an auditing extension for PostgreSQL

From: Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>
To: Fujii Masao <masao(dot)fujii(at)gmail(dot)com>
Cc: Ian Barwick <ian(at)2ndquadrant(dot)com>, pgsql-hackers(at)postgresql(dot)org
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2014-06-23 10:51:53
Views: Raw Message | Whole Thread | Download mbox | Resend email
Lists: pgsql-hackers

(I'm replying as co-author of pgaudit.)

At 2014-06-23 19:15:39 +0900, masao(dot)fujii(at)gmail(dot)com wrote:
> You added this into CF, but its patch has not been posted yet. Are you
> planning to make a patch?

It's a self-contained contrib module. I thought Ian had posted a
tarball, but it looks like he forgot to attach it (or decided to
provide only a Github link). I've attached a tarball here for
your reference.

> > Planned future improvements include:
> >
> > 1. Additional logging facilities, including to a separate audit
> > log file and to syslog, and potentially logging to a table
> > (possibly via a bgworker process). Currently output is simply
> > emitted to the server log via ereport().
> >
> > 2. To implement per-object auditing configuration, it would be nice
> > to use extensible reloptions (or an equivalent mechanism)
> Is it possible to implement these outside PostgreSQL by using hooks?

There are some unresolved questions with #2 because the extensible
reloptions patch seems to have lost favour, but I'm pretty sure we
could figure out some alternative.

> If not, it might be better to implement audit feature in core from the
> beginning.

Sure, we're open to that possibility. Do you have any ideas about what
an in-core implementation should do/look like?

-- Abhijit

Attachment Content-Type Size
pgaudit.tgz application/x-gtar 13.5 KB

In response to


Browse pgsql-hackers by date

  From Date Subject
Next Message David Rowley 2014-06-23 11:06:59 Re: Allowing join removals for more join types
Previous Message Andres Freund 2014-06-23 10:48:07 Re: idle_in_transaction_timeout