Re: What happens when PostgreSQL fails to log to SYSLOG

From: Craig James <cjames(at)emolecules(dot)com>
To: "Arnold, Sandra" <ArnoldS(at)osti(dot)gov>
Cc: "Joshua D(dot) Drake" <jd(at)commandprompt(dot)com>, "pgsql-admin(at)postgresql(dot)org" <pgsql-admin(at)postgresql(dot)org>
Subject: Re: What happens when PostgreSQL fails to log to SYSLOG
Date: 2012-07-11 20:07:59
Message-ID: CAFwQ8rcYaQQ2R+TUL4=Nixzh5J2ZjD6R1+x0ZcGZ3iBWdCEguA@mail.gmail.com
Lists: pgsql-admin

On Wed, Jul 11, 2012 at 10:47 AM, Arnold, Sandra <ArnoldS(at)osti(dot)gov> wrote:

> Tablelog would be ok for keeping up with transactions for tables.
> However, we also need to audit who connects successfully and
> unsuccessfully. As far as I am aware, if a user fails to log in
> successfully, say three times, PostgreSQL is not able to lock the account
> for 9.0. Is this the case for 9.1 as well?

This is off topic for your question, but locking an account after a small
number of failures is a bad security practice. It's an invitation for a
denial-of-service attack. Anyone who knows anyone else's account name can
lock them out. Anyone who gets a list of accounts can lock up the whole
system.

Craig

> This is the version that I will be installing that I am writing the
> Security controls for. There are several events that I have to Audit and
> table transactions are just a small part of it. The events I need to audit
> are listed below:
>
> - Unauthorized User Access
> - Changes to User Privileges
> - Changes to Audit Policy
> - Reset User Password
> - New User created in Database
> - Users dropped from Database
> - Invalid Login Attempts
>
> Sandra Arnold
> Senior Database Administrator
> Contractor to DOE/OSTI
> Information International Associates (IIA)
>
>
>
> -----Original Message-----
> From: Joshua D. Drake [mailto:jd(at)commandprompt(dot)com]
> Sent: Tuesday, July 10, 2012 4:31 PM
> To: Arnold, Sandra
> Cc: pgsql-admin(at)postgresql(dot)org
> Subject: Re: [ADMIN] What happens when PostgreSQL fails to log to SYSLOG
>
>
> On 07/10/2012 01:08 PM, Arnold, Sandra wrote:
> > I am trying to find out what PostgreSQL does when it cannot write to
> > its SYSLOG file, whether it is permissions or the file system where
> > the log resides is full is the problem.
>
> PostgreSQL doesn't write to a SYSLOG file. It sends it to the syslog
> daemon. (if you are indeed using syslog)
>
> > Does PostgreSQL stall, does it rollback the transaction it cannot log
> > to the SYSLOG, or does it continue on as if there is not an issue?
>
> This is a non-issue in terms of transactions and operations.
>
>
> > I am writing Security controls and since I am using the SYSLOG for
> > auditing purposes and I need to document what happens in case there
> > was a failure in writing to the SYSLOG. For instance, Oracle
> > rolls back any transactions that are being audited if it cannot write to
> > its audit logs. Just want to know what PostgreSQL does.
> >
>
> You should probably look at tablelog for auditing. It automates it.
> Syslog is not really a good way to handle that.
>
> Sincerely,
>
> Joshua D. Drake
>
>
> --
> Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support,
> Training, Professional Services and Development The PostgreSQL Conference -
> http://www.postgresqlconference.org/
> @cmdpromptinc - @postgresconf - 509-416-6579
>
>
>
>
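
Added example, not part of the thread: one way to cover the "Invalid Login Attempts" audit item without locking accounts is to count authentication failures per account and per source host from the server log, and to compare which accounts a three-failure lockout would have hit with which hosts could be throttled instead. It assumes `log_connections = on` and a `log_line_prefix` of `'user=%u,db=%d,host=%h '`; the log lines, host addresses and account names are constructed.

```python
import re
from collections import Counter, defaultdict

# Assumed server settings: log_connections = on,
# log_line_prefix = 'user=%u,db=%d,host=%h '. search() tolerates a syslog header.
LINE = re.compile(
    r'user=(?P<user>[^,]*),db=(?P<db>[^,]*),host=(?P<host>\S+) '
    r'(?P<level>LOG|FATAL):\s+(?P<msg>.*)')

# Constructed sample: one source host failing against two accounts, one typo, one login.
SAMPLE = '''\
Jul 11 20:01:02 db1 postgres[4101]: [2-1] user=alice,db=prod,host=10.0.0.5 LOG:  connection authorized: user=alice database=prod
Jul 11 20:02:10 db1 postgres[4107]: [2-1] user=alice,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "alice"
Jul 11 20:02:11 db1 postgres[4108]: [2-1] user=alice,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "alice"
Jul 11 20:02:12 db1 postgres[4109]: [2-1] user=alice,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "alice"
Jul 11 20:02:13 db1 postgres[4110]: [2-1] user=bob,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "bob"
Jul 11 20:02:14 db1 postgres[4111]: [2-1] user=bob,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "bob"
Jul 11 20:02:15 db1 postgres[4112]: [2-1] user=bob,db=prod,host=192.0.2.77 FATAL:  password authentication failed for user "bob"
Jul 11 20:05:40 db1 postgres[4120]: [2-1] user=carol,db=prod,host=10.0.0.9 FATAL:  password authentication failed for user "carol"
'''.splitlines()


def audit(lines, threshold=3):
    """Summarise successful and failed logins per account and per source host."""
    ok, failed = Counter(), Counter()
    by_host = defaultdict(Counter)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not a line carrying the assumed prefix
        if m['level'] == 'LOG' and m['msg'].startswith('connection authorized'):
            ok[m['user']] += 1
        elif m['level'] == 'FATAL' and 'authentication failed' in m['msg']:
            failed[m['user']] += 1
            by_host[m['host']][m['user']] += 1
    return {
        'successful': dict(ok),
        'failed': dict(failed),
        # accounts a "lock after N failures" policy would have disabled
        'lockout_would_hit': sorted(u for u, n in failed.items() if n >= threshold),
        # sources that could be rate limited or blocked instead
        'hosts_to_throttle': sorted(
            h for h, c in by_host.items() if sum(c.values()) >= threshold),
    }


if __name__ == '__main__':
    for key, value in audit(SAMPLE).items():
        print(f'{key}: {value}')
```

On the sample, a lockout policy would have disabled two accounts because of a single source host, while the per-host view isolates that one address and leaves the legitimate users able to log in.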
