Re: Auditing extension for PostgreSQL (Take 2)

Peter,

* Peter Eisentraut (peter_e(at)gmx(dot)net) wrote:
> On 5/7/15 10:26 AM, Stephen Frost wrote:
> > Auditing is about "what happened" whereas
> > statement logging is "log whatever statement the user sent." pgAudit
> > bears this out by logging internal SQL statements and object
> > information, unlike what we do with statement logging today.
>
> I don't think this is quite correct. For example,
> log_min_duration_statement logs based on what happened. log_duration
> records what happened. log_checkpoints records what happened.
> log_statement also requires parsing before deciding whether to log.

I'm not sure I agree, but it seems a relatively minor point (please
correct me if you feel differently). You're certainly correct that
log_min_duration_statement allows filtering of the statement logging
based on what happened, but it's still statement logging. The other log
options are more in-line with "what happened" kind of logging, but they
also aren't user activity, so perhaps rephrasing my statement along the
lines of "what happened based on user activity" would make more sense.
On the other hand, log_checkpoints isn't "statement" or "session"
logging, which is what we had been discussing, I thought.

I agree that log_duration is more in-line with "what happened".

> Generally, "logging" is "what happened". The stuff in syslog is what
> happened on the system.

Agreed, but I had thought we were primairly focusing on session /
statement logging, which is the potential overlap in capability being
discussed as related to pgAudit (I don't expect pgAudit to ever include
checkpoint logging, for example). My email to Bruce, I believe,
clarifies how I've been thinking about statement/session logging and the
more general category of "logging" (which auditing certainly falls under
also, as "audit logging").

Thanks!

Stephen