Re: pgsql: Add pg_audit, an auditing extension

Hi

I am testing it, and output is strange

2015-05-15 11:49:25.046 CEST pavel postgres: LOG: AUDIT:
SESSION,1,1,DDL,DROP TABLE,,,drop table foo;,<not logged>
2015-05-15 11:49:25.046 CEST pavel postgres: STATEMENT: drop table foo;
2015-05-15 11:49:28.291 CEST pavel postgres: LOG: AUDIT:
SESSION,2,1,DDL,CREATE TABLE,,,"CREATE TABLE foo(a int, b int);",<not
logged>
2015-05-15 11:49:28.291 CEST pavel postgres: STATEMENT: CREATE TABLE foo(a
int, b int);
2015-05-15 11:49:31.486 CEST pavel postgres: LOG: AUDIT:
SESSION,3,1,WRITE,INSERT,,,"INSERT INTO foo VALUES(10,20);",<not logged>
2015-05-15 11:49:31.486 CEST pavel postgres: STATEMENT: INSERT INTO foo
VALUES(10,20);
2015-05-15 11:49:33.446 CEST pavel postgres: LOG: AUDIT:
SESSION,4,1,READ,SELECT,,,SELECT * FROM foo WHERE a = 10;,<not logged>
2015-05-15 11:49:33.446 CEST pavel postgres: STATEMENT: SELECT * FROM foo
WHERE a = 10;

I am missing object name, unexpected string <not logged>

configuration:
pg_audit.log = 'read, write, ddl'

2015-05-14 21:30 GMT+02:00 Stephen Frost <sfrost(at)snowman(dot)net>:

> * Stephen Frost (sfrost(at)snowman(dot)net) wrote:
> > I'll continue to think about it though, perhaps there's a way I can
> > disable logging as the superuser without it logging the role involved.
>
> Of course, it occured to me how to address this immediately after, even
> though it hadn't in the hour or so prior. I can just bump
> client_min_messages up to warning and then reset the role attributes...
>
> That appears to be working. Will push an update to fix this shortly.
>
> Thanks!
>
> Stephen
>