| From: | Michael Banck <michael(dot)banck(at)credativ(dot)de> |
|---|---|
| To: | Daulat <daulat(dot)dba(at)gmail(dot)com> |
| Cc: | Holger Jakobs <holger(at)jakobs(dot)com>, pgsql-admin <pgsql-admin(at)lists(dot)postgresql(dot)org> |
| Subject: | Re: How to Log DBA actions |
| Date: | 2021-12-21 20:53:39 |
| Message-ID: | 61c23ed4.1c69fb81.e4f24.27ac@mx.google.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-admin |
On Mon, Dec 20, 2021 at 12:24:14PM +0530, Daulat wrote:
> It means, there is no use of pgaudit if we already have log_statements
> enabled?
It depends. log_statments, logs *all* statements of the particular type,
so if you want to log whether the DBA do any data changes at all and set
it to "mod", that means, any other data changes (from the application)
will get logged as well.
Maybe you can live with just log_statement = ddl, or you can set
role-specific log_statement = mod,ddl for the DBA roles (this might not
work on a managed Postgres service).
If not, pgaudit allows to log much more fine-grained and targetted audit
events.
Michael
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Edward J. Sabol | 2021-12-21 21:05:34 | Re: Reconfiguring active PostgreSQL instance |
| Previous Message | Michael Banck | 2021-12-21 20:44:57 | Re: Reconfiguring active PostgreSQL instance |