Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tmwbI-000Ro9-6Q
	for pgsql-general@arkaria.postgresql.org; Tue, 25 Feb 2025 15:12:00 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1tmwbG-003YX8-PB
	for pgsql-general@arkaria.postgresql.org; Tue, 25 Feb 2025 15:11:58 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tmwbG-003YWR-DI
	for pgsql-general@lists.postgresql.org; Tue, 25 Feb 2025 15:11:58 +0000
Received: from fhigh-a7-smtp.messagingengine.com ([103.168.172.158])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.96)
	(envelope-from <adrian.klaver@aklaver.com>)
	id 1tmwbD-0001B3-1a
	for pgsql-general@postgresql.org;
	Tue, 25 Feb 2025 15:11:57 +0000
Received: from phl-compute-09.internal (phl-compute-09.phl.internal [10.202.2.49])
	by mailfhigh.phl.internal (Postfix) with ESMTP id E24E311400D3;
	Tue, 25 Feb 2025 10:11:55 -0500 (EST)
Received: from phl-mailfrontend-01 ([10.202.2.162])
  by phl-compute-09.internal (MEProxy); Tue, 25 Feb 2025 10:11:55 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=aklaver.com; h=
	cc:content-transfer-encoding:content-type:content-type:date:date
	:from:from:in-reply-to:in-reply-to:message-id:mime-version
	:references:reply-to:subject:subject:to:to; s=fm3; t=1740496315;
	 x=1740582715; bh=5YCB8cuW3ol9dd0JbBYcDc7eUzpYvOi+meEVa4bA+do=; b=
	QBWhE6icHrsjvoz5oumhmv3OF2emXprYgClj2frNabWXAddVgAjbAQR0H3f5WFrv
	0zJIGrrdjEI9ig8Q2QrDiXCs8bTmoYQUsrxCVDdW6MCWAYisAV4KnHNZTHuaqyYu
	zDqnLc/5opuwRwvGLr/iaN978BnECfjvrvQBAvWTcsOzDzyqvpS/NlifMQzlpI9M
	5NRKhDumk8GmZ9+wCfrK86wDfI8q/II9NF4saoiBU5P0vyYsviYA9rDPNmtBbWLZ
	/KX0Lu4FyW2jR4kEK+86QQ9hCrmJk71t8R66IAHCAnIdKhBU4lpcS4PXAKE8Vddw
	5pwx/QNYzcyJwHmqGPGjuQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:content-transfer-encoding:content-type
	:content-type:date:date:feedback-id:feedback-id:from:from
	:in-reply-to:in-reply-to:message-id:mime-version:references
	:reply-to:subject:subject:to:to:x-me-proxy:x-me-sender
	:x-me-sender:x-sasl-enc; s=fm1; t=1740496315; x=1740582715; bh=5
	YCB8cuW3ol9dd0JbBYcDc7eUzpYvOi+meEVa4bA+do=; b=3WfNxfT/MxlXfcg2+
	ZgKN1ZLYC+1S0XpGfjQJghd6mtYICtcCoq3pdad+0Boowj76+vjUxM0LmCtQ2ARW
	EbjXwXtE81OS2Pshm46NnnmnnWo7hk2pa1ZB96vzen3MFL7f+1JhEHnLbNOwq3XG
	Lr+LOSOkc+tY0pOTe2DLLQVJ070evZA2lmOtoEsRen6pAR48xlM4akfpM5fSRjuZ
	sTOSjI090fgwlwHgI6jtDWypH29nMn6s6g0XU6PYwoXcZ8JH6Hhh60D3YnTMZDO7
	lawBRobHy806zSMQlFRZ457eh3t3b+oDAr9VQHNFsCUcOIBtLVJj4evGcn/botvO
	pkY3Q==
X-ME-Sender: <xms:u929Z0Qb9y_azAIuipLDutB76I36PW9Ixhsix2hPOo5uNEf9wQzAPA>
    <xme:u929ZxzQW9HwMT9Qy-x1tXvRzWKGXGh6w5gQ2XBGc6--OKArCIJKyb8jAn1NvnC0h
    4rwjCBguSDfN5k>
X-ME-Received: <xmr:u929Zx0cQbpBvYtXyj6LSO6sGGUItv_WJUsaCMKJoWoPxIX9DjQPw9WV8PsHoVu-mzAdUtJrNHsxc89KrPd47JKaDSd4cw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeefvddrtddtgdekvddtvdcutefuodetggdotefrod
    ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpggftfghnshhusghstghrihgsvgdp
    uffrtefokffrpgfnqfghnecuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivg
    hnthhsucdlqddutddtmdenucfjughrpefkffggfgfuvfhfhfgjtgfgsehtjeertddtvdej
    necuhfhrohhmpeetughrihgrnhcumfhlrghvvghruceorggurhhirghnrdhklhgrvhgvrh
    esrghklhgrvhgvrhdrtghomheqnecuggftrfgrthhtvghrnhepkeefheduvdejiefgieef
    jedtudduffelvdefleehfedtieffuefgvdekleegtddvnecuffhomhgrihhnpehpohhsth
    hgrhgvshhqlhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgr
    ihhlfhhrohhmpegrughrihgrnhdrkhhlrghvvghrsegrkhhlrghvvghrrdgtohhmpdhnsg
    gprhgtphhtthhopedvpdhmohguvgepshhmthhpohhuthdprhgtphhtthhopehsrghkshhh
    ihdrsggvhhhlsegtrhgvughothhsrdgtohhmpdhrtghpthhtohepphhgshhqlhdqghgvnh
    gvrhgrlhesphhoshhtghhrvghsqhhlrdhorhhg
X-ME-Proxy: <xmx:u929Z4BymiJp9TAikId9CYLYhqTEKb5gwVhIqdU_tJGFJO2P0E6aQQ>
    <xmx:u929Z9iE5UiLrUiEGpOvZYhuBBqH_n1APJ8YveEAuGAGeN3gf-G6XA>
    <xmx:u929Z0o8Gof_oxN2diJ4pQXCOO5LFlMjof6mgWNz44wspKSGdx2J4w>
    <xmx:u929Zwi5K0vzxolqu2JsQfPSNYemWza2R7qR9O49tgZRPWaGcjzuoQ>
    <xmx:u929ZwtVGwuDkSxvB1V8Q8P9MnPBVwyMnNi__IRcD-LlV6i1dzlTEHyq>
Feedback-ID: i76984098:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA; Tue,
 25 Feb 2025 10:11:55 -0500 (EST)
Message-ID: <e904238e-8eaf-4d60-9371-37053bd0c38a@aklaver.com>
Date: Tue, 25 Feb 2025 07:11:54 -0800
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Subject: Re: PgSQL - SIEM Integration
To: Sakshi Behl <sakshi.behl@credots.com>,
 "pgsql-general@postgresql.org" <pgsql-general@postgresql.org>
References: <DU2PR04MB8920FAA78FD9B8FAE7BEE1D3EBC32@DU2PR04MB8920.eurprd04.prod.outlook.com>
Content-Language: en-US
From: Adrian Klaver <adrian.klaver@aklaver.com>
In-Reply-To: <DU2PR04MB8920FAA78FD9B8FAE7BEE1D3EBC32@DU2PR04MB8920.eurprd04.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/e904238e-8eaf-4d60-9371-37053bd0c38a%40aklaver.com>
Precedence: bulk

On 2/24/25 22:51, Sakshi Behl wrote:
> Hi Team,
> 
> We are in the process of integrating pgSQL with our SIEM and would 
> appreciate your expert guidance on this matter.
> Kindly refer to the attached document outlining the events of interest 
> and provide your input based on the relevant postgreSQL log entries.

https://www.postgresql.org/docs/current/event-trigger-definition.html

> 
> Looking forward to hearing from you.
> 
> Thanks

-- 
Adrian Klaver
adrian.klaver@aklaver.com