| From: | David Steele <david(at)pgmasters(dot)net> |
|---|---|
| To: | Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: some requests on auditing |
| Date: | 2016-08-31 13:39:01 |
| Message-ID: | a23e2099-bfe4-e5e5-dd3b-286ae6540038@pgmasters.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On 8/30/16 10:12 AM, Pavel Stehule wrote:
> I am working on pgaudit customization for one my customer.
>
> There are few requests:
>
> 1. flat format without complex types, without nesting - CSV is ideal.
> 2. all important attributes should be separated - is not possible to
> search in original queries: table name, database name, role name, rights.
> 3. if it is possible - own log file
> 4. one statement can have more rows (flat format is required), but it
> should be logged only once success/failed
> 5. any activity should be logged
You may want to take a look at pgaudit_analyze which I think addresses
#1, #2, and #4:
https://github.com/pgaudit/pgaudit/tree/master/analyze
#3 is not likely without changes to logging in Postgres. However, there
are plenty of tools for log analysis (e.g. ELK) that might help and a
Postgres extension that allows log messages to be directed elsewhere
(can't remember the name but Gabrielle or Simon would know).
As for #5, which activities aren't being logged?
--
-David
david(at)pgmasters(dot)net
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Peter Eisentraut | 2016-08-31 13:41:26 | Re: [GENERAL] C++ port of Postgres |
| Previous Message | Simon Riggs | 2016-08-31 13:32:00 | Re: WAL consistency check facility |