public inbox for [email protected]
help / color / mirror / Atom feedRe: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
6+ messages / 3 participants
[nested] [flat]
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 18:43 Ron Johnson <[email protected]>
0 siblings, 2 replies; 6+ messages in thread
From: Ron Johnson @ 2025-04-16 18:43 UTC (permalink / raw)
To: pgsql-generallists.postgresql.org <[email protected]>
You'll have to bring that up with the PgAudit maintainer. Note, though,
that the purpose of PgAudit is not "recreate the database from audit logs";
it's "what Auditors care about". In my experience, auditors do not care
about COMMIT and ROLLBACK statements.
On Wed, Apr 16, 2025 at 1:35 PM Achilleas Mantzios <
[email protected]> wrote:
> On 16/4/25 15:36, Ron Johnson wrote:
>
>
> pgaudit is statement-level, not transaction-level; that's its nature.
> This is the same as log_statement.
>
> ok, but log_statement prints ROLLBACKs/COMMITs, but pgaudit not.
>
>
> On Wed, Apr 16, 2025 at 5:10 AM Achilleas Mantzios - cloud <
> [email protected]> wrote:
>
>> On 4/15/25 12:14, KENAN ÇİFTÇİ wrote:
>>
>> Hi,
>>
>> You can use pgaudit and pgauditlogtofile extension (
>> https://github.com/fmbiete/pgauditlogtofile) together to write audit
>> logs in a separate file.
>>
>> One issue we have with pgaudit is that it prints AUDIT records even if
>> the xaction gets rollbacked, how do you alleviate that ?
>>
>>
>> yours,
>>
>> Kenan Çiftçi
>>
>> On Tue, Apr 15, 2025 at 1:44 PM vijay patil <[email protected]>
>> wrote:
>>
>>> Hi All,
>>>
>>> We are exploring auditing solutions for our PostgreSQL database and are
>>> considering using pgaudit for this purpose. However, we have a few
>>> questions:
>>>
>>> 1.
>>>
>>> *What is the best tool for auditing PostgreSQL databases?*
>>> -
>>>
>>> We are specifically looking for a solution that offers detailed
>>> auditing capabilities and is compatible with our setup.
>>> 2.
>>>
>>> *Can we store the audit information separately from PostgreSQL logs
>>> if we decide to use pgaudit?*
>>> -
>>>
>>> We would prefer to keep the audit logs in a separate file or
>>> location for easier management and analysis.
>>>
>>>
>>> We appreciate any help or suggestions!
>>>
>>>
>>> Thanks
>>>
>>> Vijay
>>>
>>
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!
>
>
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 19:15 Achilleas Mantzios <[email protected]>
parent: Ron Johnson <[email protected]>
1 sibling, 1 reply; 6+ messages in thread
From: Achilleas Mantzios @ 2025-04-16 19:15 UTC (permalink / raw)
To: [email protected]
On 16/4/25 21:43, Ron Johnson wrote:
>
> You'll have to bring that up with the PgAudit maintainer. Note,
> though, that the purpose of PgAudit is not "recreate the database from
> audit logs"; it's "what Auditors care about". In my experience,
> auditors do not care about COMMIT and ROLLBACK statements.
In my experience auditors care a lot about a statement that happened
versus a statement that didn't happen.
>
> On Wed, Apr 16, 2025 at 1:35 PM Achilleas Mantzios
> <[email protected]> wrote:
>
> On 16/4/25 15:36, Ron Johnson wrote:
>
>>
>> pgaudit is statement-level, not transaction-level; that's its
>> nature. This is the same as log_statement.
> ok, but log_statement prints ROLLBACKs/COMMITs, but pgaudit not.
>>
>> On Wed, Apr 16, 2025 at 5:10 AM Achilleas Mantzios - cloud
>> <[email protected]> wrote:
>>
>> On 4/15/25 12:14, KENAN ÇİFTÇİ wrote:
>>
>>> Hi,
>>>
>>> You can use pgaudit and pgauditlogtofile extension
>>> (https://github.com/fmbiete/pgauditlogtofile) together to
>>> write audit logs in a separate file.
>> One issue we have with pgaudit is that it prints AUDIT
>> records even if the xaction gets rollbacked, how do you
>> alleviate that ?
>>>
>>> yours,
>>>
>>> Kenan Çiftçi
>>>
>>> On Tue, Apr 15, 2025 at 1:44 PM vijay patil
>>> <[email protected]> wrote:
>>>
>>> Hi All,
>>>
>>> We are exploring auditing solutions for our PostgreSQL
>>> database and are considering using |pgaudit| for this
>>> purpose. However, we have a few questions:
>>>
>>> 1.
>>>
>>> *What is the best tool for auditing PostgreSQL
>>> databases?*
>>>
>>> *
>>>
>>> We are specifically looking for a solution that
>>> offers detailed auditing capabilities and is
>>> compatible with our setup.
>>>
>>> 2.
>>>
>>> *Can we store the audit information separately from
>>> PostgreSQL logs if we decide to use |pgaudit|?*
>>>
>>> *
>>>
>>> We would prefer to keep the audit logs in a
>>> separate file or location for easier management
>>> and analysis.
>>>
>>>
>>> We appreciate any help or suggestions!
>>>
>>>
>>> Thanks
>>>
>>> Vijay
>>>
>>
>>
>> --
>> Death to <Redacted>, and butter sauce.
>> Don't boil me, I'm still alive.
>> <Redacted> lobster!
>
>
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 19:34 Ron Johnson <[email protected]>
parent: Achilleas Mantzios <[email protected]>
0 siblings, 0 replies; 6+ messages in thread
From: Ron Johnson @ 2025-04-16 19:34 UTC (permalink / raw)
To: pgsql-general
On Wed, Apr 16, 2025 at 3:15 PM Achilleas Mantzios <
[email protected]> wrote:
> On 16/4/25 21:43, Ron Johnson wrote:
>
>
> You'll have to bring that up with the PgAudit maintainer. Note, though,
> that the purpose of PgAudit is not "recreate the database from audit logs";
> it's "what Auditors care about". In my experience, auditors do not care
> about COMMIT and ROLLBACK statements.
>
> In my experience auditors care a lot about a statement that happened
> versus a statement that didn't happen.
>
The SELECT statement happened. The DELETE statement successfully
completed. That it was rolled back is great, but the DELETE statement
still successfully completed.
If you don't like that ROLLBACK and COMMIT are not captured by PgAudit,
open a Request For Feature issue: https://github.com/pgaudit/pgaudit/issues.
Or write a patch then submit a pull request.
>
> On Wed, Apr 16, 2025 at 1:35 PM Achilleas Mantzios <
> [email protected]> wrote:
>
>> On 16/4/25 15:36, Ron Johnson wrote:
>>
>>
>> pgaudit is statement-level, not transaction-level; that's its nature.
>> This is the same as log_statement.
>>
>> ok, but log_statement prints ROLLBACKs/COMMITs, but pgaudit not.
>>
>>
>> On Wed, Apr 16, 2025 at 5:10 AM Achilleas Mantzios - cloud <
>> [email protected]> wrote:
>>
>>> On 4/15/25 12:14, KENAN ÇİFTÇİ wrote:
>>>
>>> Hi,
>>>
>>> You can use pgaudit and pgauditlogtofile extension (
>>> https://github.com/fmbiete/pgauditlogtofile) together to write audit
>>> logs in a separate file.
>>>
>>> One issue we have with pgaudit is that it prints AUDIT records even if
>>> the xaction gets rollbacked, how do you alleviate that ?
>>>
>>>
>>> yours,
>>>
>>> Kenan Çiftçi
>>>
>>> On Tue, Apr 15, 2025 at 1:44 PM vijay patil <[email protected]>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We are exploring auditing solutions for our PostgreSQL database and are
>>>> considering using pgaudit for this purpose. However, we have a few
>>>> questions:
>>>>
>>>> 1.
>>>>
>>>> *What is the best tool for auditing PostgreSQL databases?*
>>>> -
>>>>
>>>> We are specifically looking for a solution that offers detailed
>>>> auditing capabilities and is compatible with our setup.
>>>> 2.
>>>>
>>>> *Can we store the audit information separately from PostgreSQL logs
>>>> if we decide to use pgaudit?*
>>>> -
>>>>
>>>> We would prefer to keep the audit logs in a separate file or
>>>> location for easier management and analysis.
>>>>
>>>>
>>>> We appreciate any help or suggestions!
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Vijay
>>>>
>>>
>>
>> --
>> Death to <Redacted>, and butter sauce.
>> Don't boil me, I'm still alive.
>> <Redacted> lobster!
>>
>>
>
> --
> Death to <Redacted>, and butter sauce.
> Don't boil me, I'm still alive.
> <Redacted> lobster!
>
>
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 19:42 Nico Williams <[email protected]>
parent: Ron Johnson <[email protected]>
1 sibling, 1 reply; 6+ messages in thread
From: Nico Williams @ 2025-04-16 19:42 UTC (permalink / raw)
To: Ron Johnson <[email protected]>; +Cc: pgsql-generallists.postgresql.org <[email protected]>
On Wed, Apr 16, 2025 at 02:43:59PM -0400, Ron Johnson wrote:
> You'll have to bring that up with the PgAudit maintainer. Note, though,
> that the purpose of PgAudit is not "recreate the database from audit logs";
> it's "what Auditors care about". In my experience, auditors do not care
> about COMMIT and ROLLBACK statements.
I would care about what happened. To know what happened I'd have to see
either only audit logs for committed transactions, or also see the
COMMIT and ROLLBACK statements.
Nico
--
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 19:53 Ron Johnson <[email protected]>
parent: Nico Williams <[email protected]>
0 siblings, 1 reply; 6+ messages in thread
From: Ron Johnson @ 2025-04-16 19:53 UTC (permalink / raw)
To: pgsql-generallists.postgresql.org <[email protected]>
On Wed, Apr 16, 2025 at 3:42 PM Nico Williams <[email protected]> wrote:
> On Wed, Apr 16, 2025 at 02:43:59PM -0400, Ron Johnson wrote:
> > You'll have to bring that up with the PgAudit maintainer. Note, though,
> > that the purpose of PgAudit is not "recreate the database from audit
> logs";
> > it's "what Auditors care about". In my experience, auditors do not care
> > about COMMIT and ROLLBACK statements.
>
> I would care about what happened. To know what happened I'd have to see
> either only audit logs for committed transactions, or also see the
> COMMIT and ROLLBACK statements.
>
Decode the logical replication stream?
--
Death to <Redacted>, and butter sauce.
Don't boil me, I'm still alive.
<Redacted> lobster!
^ permalink raw reply [nested|flat] 6+ messages in thread
* Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately
@ 2025-04-16 19:59 Nico Williams <[email protected]>
parent: Ron Johnson <[email protected]>
0 siblings, 0 replies; 6+ messages in thread
From: Nico Williams @ 2025-04-16 19:59 UTC (permalink / raw)
To: Ron Johnson <[email protected]>; +Cc: pgsql-generallists.postgresql.org <[email protected]>
On Wed, Apr 16, 2025 at 03:53:53PM -0400, Ron Johnson wrote:
> On Wed, Apr 16, 2025 at 3:42 PM Nico Williams <[email protected]> wrote:
> > I would care about what happened. To know what happened I'd have to see
> > either only audit logs for committed transactions, or also see the
> > COMMIT and ROLLBACK statements.
>
> Decode the logical replication stream?
Yes, or use Debezium or the like which... do just that.
^ permalink raw reply [nested|flat] 6+ messages in thread
end of thread, other threads:[~2025-04-16 19:59 UTC | newest]
Thread overview: 6+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2025-04-16 18:43 Re: Best Tool for PostgreSQL Auditing and Storing Audit Logs Separately Ron Johnson <[email protected]>
2025-04-16 19:15 ` Achilleas Mantzios <[email protected]>
2025-04-16 19:34 ` Ron Johnson <[email protected]>
2025-04-16 19:42 ` Nico Williams <[email protected]>
2025-04-16 19:53 ` Ron Johnson <[email protected]>
2025-04-16 19:59 ` Nico Williams <[email protected]>
This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox