Re: pgaudit - an auditing extension for PostgreSQL

From: "MauMau" <maumau307(at)gmail(dot)com>
To: "Abhijit Menon-Sen" <ams(at)2ndQuadrant(dot)com>, <pgsql-hackers(at)postgresql(dot)org>
Cc: "Stephen Frost" <sfrost(at)snowman(dot)net>, Fabrízio de Royes Mello <fabriziomello(at)gmail(dot)com>, "Simon Riggs" <simon(at)2ndquadrant(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>, "Bruce Momjian" <bruce(at)momjian(dot)us>, "Fujii Masao" <masao(dot)fujii(at)gmail(dot)com>, "Ian Barwick" <ian(at)2ndquadrant(dot)com>
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Date: 2014-10-16 22:23:04
Message-ID: 61B2CC56456D4C91817619D13F5E5EA8@maumau
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-hackers

Hello,

I had a quick look through the code and did some testing. Let me give you
some comments. I will proceed with checking if pgaudit can meet PCI DSS
requirements.

By the way, I'd like to use pgaudit with 9.2. Is it possible with a slight
modification of the code? If it is, what features of pgaudit would be
unavailable? Could you support 9.2?

(1)
The build failed with PostgreSQL 9.5, although I know the README mentions
that pgaudit supports 9.3 and 9.4. The cause is T_AlterTableSpaceMoveStmt
macro is not present in 9.5. I could build and use pgaudit by removing two
lines referring to that macro. I tested pgaudit only with 9.5.

(2)
I could confirm that DECLARE is audit-logged as SELECT and FETCH/CLOSE are
not. This is just as expected. Nice.

(3)
SELECT against a view generated two audit log lines, one for the view
itself, and the other for the underlying table. Is this intended? I'm not
saying that's wrong but just asking.

(4)
I'm afraid audit-logging DML statements on temporary tables will annoy
users, because temporary tables are not interesting. In addition, in
applications which use the same temporary table in multiple types of
transactions as follows, audit log entries for the DDL statement are also
annoying.

BEGIN;
CREATE TEMPORARY TABLE mytemp ... ON COMMIT DROP;
DML;
COMMIT;

The workaround is "CREATE TEMPORARY TABLE mytemp IF NOT EXIST ... ON COMMIT
DELETE ROWS". However, users probably don't (or can't) modify applications
just for audit logging.

(5)
This is related to (4). As somebody mentioned, I think the ability to
select target objects of audit logging is definitely necessary. Without
that, huge amount of audit logs would be generated for uninteresting
objects. That would also impact performance.

(6)
What's the performance impact of audit logging? I bet many users will ask
"about what percentage would the throughtput decrease by?" I'd like to know
the concrete example, say, pgbench and DBT-2.

(7)
In README, COPY FROM/TO should be added to read and write respectively.

(8)
The code looks good. However, I'm worried about the maintenance. How can
developers notice that pgaudit.c needs modification when they add a new SQL
statement? What keyword can they use to grep the source code to find
pgaudit.c?

Regards
MauMau

In response to

Responses

Browse pgsql-hackers by date

  From Date Subject
Next Message Simon Riggs 2014-10-16 22:44:20 Re: pgaudit - an auditing extension for PostgreSQL
Previous Message Stephen Frost 2014-10-16 21:05:30 Re: Additional role attributes && superuser review