Received: from malur.postgresql.org ([217.196.149.56]) by arkaria.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u57k8-00CdFz-BF for pgsql-general@arkaria.postgresql.org; Wed, 16 Apr 2025 18:44:16 +0000 Received: from localhost ([127.0.0.1] helo=malur.postgresql.org) by malur.postgresql.org with esmtp (Exim 4.94.2) (envelope-from ) id 1u57k4-0031zA-RQ for pgsql-general@arkaria.postgresql.org; Wed, 16 Apr 2025 18:44:13 +0000 Received: from makus.postgresql.org ([2001:4800:3e1:1::229]) by malur.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1u57k4-0031z1-CT for pgsql-general@lists.postgresql.org; Wed, 16 Apr 2025 18:44:13 +0000 Received: from mail-ot1-x330.google.com ([2607:f8b0:4864:20::330]) by makus.postgresql.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.96) (envelope-from ) id 1u57k3-000PpG-05 for pgsql-general@lists.postgresql.org; Wed, 16 Apr 2025 18:44:12 +0000 Received: by mail-ot1-x330.google.com with SMTP id 46e09a7af769-72c09f8369cso2030217a34.3 for ; Wed, 16 Apr 2025 11:44:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1744829050; x=1745433850; darn=lists.postgresql.org; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :from:to:cc:subject:date:message-id:reply-to; bh=ULkrpcoVqN9Hz94eNIOsapNZP4iQ0bhXwW14886IUSo=; b=IuAv5NU2ydAWOcXl/mbH6YnovBP9PQDlmKBK/3fmWlxrJ1sekcvEn1zUTtg9wadtKA 8YQk7uYnYLsSOpUuScgDgkRyUBxhSonNQ+WwTIBlPgXWZ6fm3x0hqcyQfx6u/DQlIKcY HOicwHYVHOkBRHNHE0WQ+FY8/O4dQxnC6UFWD3dEr6M/gFq2VZ1NEXef5gGRJ/ZVzRYw 6R/8aMOgyZd6TBi1UOQFyuYMfvmnm0Na9pQ7i/XptrSsyqR/zvOXs5bxK0Ms9fYBCmAf xZdypp6cDP7KmzgtDrQSp+u3jZkivVpEQP39H55qP4zJMkV856R1WBCFPqay2GZYd4PD LAgw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1744829050; x=1745433850; h=to:subject:message-id:date:from:in-reply-to:references:mime-version :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=ULkrpcoVqN9Hz94eNIOsapNZP4iQ0bhXwW14886IUSo=; b=gkjCh9hVRXOrmKeo2L5LTydCZaPcIw4OgB1LBigpdouBXe9K9fFRW8Q17LcYg/ZaPV SDxc8mYlf+snOqfMyigsTualvXhrk4as/4cNcUr7Wh4auXLYtHxBXEkPx4zj+HXwkdjC arL+f5YpCn6GQ2RmdjCAscU0lufhvTJrWwlZu2Eqlm4acsaZ6qeKRZDh4lT6k3D/1jbu qZXvRkaHXwi5COkFTZ5KNVOZkKrjl/p4u+Edk/nJ88dxTOD/Hq1XQ4iFkOJjEqzFmbbK zAKf0CzNtLP6VPU/wivZfyPTM8zi53k6oqy2IgBvTlCPvWGRFU7mqD4fWDYYXexfWasZ 8bvA== X-Gm-Message-State: AOJu0Yy8rAC5+BurQ8Ls/92OOmHM3+nIVKXu3u4lpVWt2w30xUIKQD1N Y6a0qTb+64ZXJUChA0QU0VUzqpaLG7I7m8jJaXhvHL0pa71NzYINTbjn5m0X2Xb78NjZlwUrIad DW0E/pjsGFjgsVETvXa9B1MIghgtDHQ== X-Gm-Gg: ASbGncsPlNyDRdzWWjEXyNDcPC6BqnbMUmoA9ztb1Uv/awfPXRbiV78MZNdkZibo80y xrwMnQhyVwkeoQuyrhH78N6xAPaRFixCW4tyuJFYohlBlO7li5Y/UMMh/X8aQZuQUKzxPA1MOBN eDUw5FyNtD6rMMn8nXULptiy0VXCV2fnal5JqS0eEIgbfcFB+EtrlamrAp X-Google-Smtp-Source: AGHT+IGtdYH5kE1ZItZX4Et5iVOE6Ibpcw+Dxuc3UVq1XA9ytwMR62m6MKX2SLUb9Wd0UALCCIHgk0MrqU0maK7DxRA= X-Received: by 2002:a05:6808:3c4a:b0:3f5:50f3:4a6b with SMTP id 5614622812f47-400b01d5870mr2140894b6e.17.1744829050459; Wed, 16 Apr 2025 11:44:10 -0700 (PDT) MIME-Version: 1.0 References: <54b3d612-363e-4c05-8a08-a7563c7d52f1@cloud.gatewaynet.com> In-Reply-To: From: Ron Johnson Date: Wed, 16 Apr 2025 14:43:59 -0400 X-Gm-Features: ATxdqUFwTbqmB_PJ7hq0O8wj9UNjo2mXrHeB7GqhfZkLtCP3wBc_jkhKGdJRi3w Message-ID: Subject: Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately To: "pgsql-generallists.postgresql.org" Content-Type: multipart/alternative; boundary="000000000000bf211d0632e9ab74" List-Id: List-Help: List-Subscribe: List-Post: List-Owner: List-Archive: Archived-At: Precedence: bulk --000000000000bf211d0632e9ab74 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable You'll have to bring that up with the PgAudit maintainer. Note, though, that the purpose of PgAudit is not "recreate the database from audit logs"; it's "what Auditors care about". In my experience, auditors do not care about COMMIT and ROLLBACK statements. On Wed, Apr 16, 2025 at 1:35=E2=80=AFPM Achilleas Mantzios < a.mantzios@cloud.gatewaynet.com> wrote: > On 16/4/25 15:36, Ron Johnson wrote: > > > pgaudit is statement-level, not transaction-level; that's its nature. > This is the same as log_statement. > > ok, but log_statement prints ROLLBACKs/COMMITs, but pgaudit not. > > > On Wed, Apr 16, 2025 at 5:10=E2=80=AFAM Achilleas Mantzios - cloud < > a.mantzios@cloud.gatewaynet.com> wrote: > >> On 4/15/25 12:14, KENAN =C3=87=C4=B0FT=C3=87=C4=B0 wrote: >> >> Hi, >> >> You can use pgaudit and pgauditlogtofile extension ( >> https://github.com/fmbiete/pgauditlogtofile) together to write audit >> logs in a separate file. >> >> One issue we have with pgaudit is that it prints AUDIT records even if >> the xaction gets rollbacked, how do you alleviate that ? >> >> >> yours, >> >> Kenan =C3=87ift=C3=A7i >> >> On Tue, Apr 15, 2025 at 1:44=E2=80=AFPM vijay patil >> wrote: >> >>> Hi All, >>> >>> We are exploring auditing solutions for our PostgreSQL database and are >>> considering using pgaudit for this purpose. However, we have a few >>> questions: >>> >>> 1. >>> >>> *What is the best tool for auditing PostgreSQL databases?* >>> - >>> >>> We are specifically looking for a solution that offers detailed >>> auditing capabilities and is compatible with our setup. >>> 2. >>> >>> *Can we store the audit information separately from PostgreSQL logs >>> if we decide to use pgaudit?* >>> - >>> >>> We would prefer to keep the audit logs in a separate file or >>> location for easier management and analysis. >>> >>> >>> We appreciate any help or suggestions! >>> >>> >>> Thanks >>> >>> Vijay >>> >> > > -- > Death to , and butter sauce. > Don't boil me, I'm still alive. > lobster! > > --=20 Death to , and butter sauce. Don't boil me, I'm still alive. lobster! --000000000000bf211d0632e9ab74 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable

You'll have to bring t= hat up with the PgAudit maintainer.=C2=A0 Note, though, that the purpose of= PgAudit is not "recreate the database from audit logs"; it's= "what Auditors care about".=C2=A0 In my experience, auditors do = not care about COMMIT and ROLLBACK statements.

On Wed, Apr 16, 2025 at 1:35=E2=80=AFPM Achilleas Mantzios <a.mantzios@cloud.gatewaynet= .com> wrote:
<= blockquote class=3D"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-l= eft:1px solid rgb(204,204,204);padding-left:1ex"> =20 =20 =20

On 16/4/25 15:36, Ron Johnson wrote:

=20

pgaudit is statement-level, not transaction-level; that's its nature.=C2=A0 This is the same as log_statement.
ok, but log_statement prints ROLLBACKs/COMMITs, but pgaudit not.

On Wed, Apr 16, 2025 at 5:10=E2=80=AFAM Achilleas Mantzios - cloud <a.mantzios@cloud.gatewaynet.com> wrote:

On 4/15/25 12:14, KENAN =C3=87=C4=B0FT=C3=87=C4=B0 wrote:<= /p>

One issue we have with pgaudit is that it prints AUDIT records even if the xaction gets rollbacked, how do you alleviate that ?

yours,

Kenan =C3=87ift=C3=A7i

On Tue, Apr 15, 202= 5 at 1:44=E2=80=AFPM vijay patil <vijay.postgres@gmail.com> wrote:

Hi All,

We are exploring auditing solutions for our PostgreSQL database and are considering using pgaudit for this purpose. However, we have a few questions:

  1. What is the best tool for auditing PostgreSQL databases?

    • We are specifically looking for a solution that offers detailed auditing capabilities and is compatible with our setup.

  2. Can we store the audit information separately from PostgreSQL logs if we decide to use pgaudit?

    • We would prefer to keep the audit logs in a separate file or location for easier management and analysis.


We appreciate any help or suggestions!


Thanks

Vijay



--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!


--
Death to <Redacted>, and butter sauce.Don't boil me, I'm still alive.
<Redacted> lobs= ter!
--000000000000bf211d0632e9ab74--