Re: How to find table creation time

Hi Walter,

Thanks for your feedback and suggestions. Although I believe you may have misunderstood or assumed a few key points on this thread. The original question was just to get the creation time of tables. I answered that question and gave an example of different ideas on how the increased logging could benefit your infrastructure. 

In terms of auditing ddl changes in the logs, yes I do want an email. We all have different rules and regulations we need to follow. Most of us have more than one dba (or superuser) working in house. Or maybe you just started at a new place and wanted to quickly get a handle on whats going on. 

As for disaster recovery, I like to take the approach of “when it happens” more than “it will never happen because I did xyz.” It will rain, lets be ready for it. I was not implying to forgo a “security audit” or give every user super permissions, that will be just silly. In fact we just underwent a security review here but I would still like to have this in place. This additional logging/parsing is a second line of defense. When it does go down (think junior dba or oops I thought that was dev) at least you will know right away, have the exact second it happened and a paper trail. Pretty nice uh? I bet the boy scouts would be jealous about that:) 

Embrace those logs, parse them out, send emails, alerts, whatever.  Nobody, system, or process is perfect. It will rain, how prepared are you going to be? 

Hoping for many sunny days ahead!

-jason 

On April 7, 2014 at 6:26:38 PM, Walter Hurry (walterhurry(at)gmail(dot)com) wrote:

Jason Mathis wrote:

> someone “sneaking in” a change. Or even think about data recovery, “what time did you drop that production table?”

Whaaat? You need to do a security review *now*. These possibilities indicate anarchy, and are a sure recipe for disaster. Someone has dropped a production table and you want it to be logged, or to be emailed about it?

You don't *grant* privileges to drop production tables to all and sundry.

--
Sent via pgsql-admin mailing list (pgsql-admin(at)postgresql(dot)org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin

--

This transmission contains confidential and privileged information intended
solely for the party identified above. If you receive this message in
error, you must not use it or convey it to others. Please destroy it
immediately and contact the sender at (303) 386-3955 or by return e-mail to
the sender.