From: | Stephen Frost <sfrost(at)snowman(dot)net> |
---|---|
To: | Simon Riggs <simon(at)2ndQuadrant(dot)com> |
Cc: | Yeb Havinga <yebhavinga(at)gmail(dot)com>, Jim Nasby <Jim(dot)Nasby(at)bluetreble(dot)com>, Robert Haas <robertmhaas(at)gmail(dot)com>, Abhijit Menon-Sen <ams(at)2ndquadrant(dot)com>, Michael Paquier <michael(dot)paquier(at)gmail(dot)com>, MauMau <maumau307(at)gmail(dot)com>, "pgsql-hackers(at)postgresql(dot)org" <pgsql-hackers(at)postgresql(dot)org>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>, Bruce Momjian <bruce(at)momjian(dot)us>, Fujii Masao <masao(dot)fujii(at)gmail(dot)com>, Ian Barwick <ian(at)2ndquadrant(dot)com> |
Subject: | Re: pgaudit - an auditing extension for PostgreSQL |
Date: | 2015-02-17 15:52:55 |
Message-ID: | 20150217155255.GS6717@tamriel.snowman.net |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
* Simon Riggs (simon(at)2ndQuadrant(dot)com) wrote:
> I vote to include pgaudit in 9.5, albeit with any changes. In
> particular, David may have some changes to recommend, but I haven't
> seen a spec or a patch, just a new version of code (which isn't how we
> do things...).
Hrm. I thought David's new patch actually looked quite good and it's
certainly quite a bit different from the initial patch (which didn't
seem like it was moving forward..). Guess I'm confused how a new patch
is different from a 'new version of code' and I didn't see a spec for
either patch. From the old thread, David had offered to submit a pull
request if there was interest and I didn't see any response...
> I'm happy to do final review and commit. Assuming we are in agreement,
> what changes are needed prior to commit?
I'm all about getting something done here for 9.5 also and would
certainly prefer to focus on that.
The recent discussion has all moved towards the approach that I was
advocating where we use GRANT simimlar to how AUDIT exists in other
RDBMS's. Both the latest version of the code from Abhijit and David's
code do that and I found what David did quite easy to follow- no big
#ifdef blocks (something I complained about earlier but didn't see any
progress on..) and no big switch statements that would likely get
out-dated very quickly. I'm not against going back to the code
submitted by Abhijit, if it's cleaned up and has the #ifdef blocks and
whatnot removed that were discussed previously. I don't fault David for
moving forward though, given the lack of feedback.
Perhaps there's an issue where the classes provided by David's approach
aren't granular enough but it's certainly better than what we have
today. The event-trigger based approach depends on as-yet-uncommitted
code, as I understand it. I'd certainly rather have fewer audit classes
which cover everything than more audit classes which end up not covering
everything because we don't have all the deparse code or event triggers
we need completed and committed yet.
Thanks!
Stephen
From | Date | Subject | |
---|---|---|---|
Next Message | Andres Freund | 2015-02-17 16:01:50 | Re: parallel mode and parallel contexts |
Previous Message | Robert Haas | 2015-02-17 15:45:50 | Re: Add pg_settings.pending_restart column |