From: | "Little, Douglas" <DOUGLAS(dot)LITTLE(at)orbitz(dot)com> |
---|---|
To: | "PostgreSQL General (pgsql-general(at)postgresql(dot)org)" <pgsql-general(at)postgresql(dot)org> |
Subject: | log select access |
Date: | 2012-07-26 21:32:35 |
Message-ID: | 8585BA53443004458E0BAA6134C5A7FBAEB7EC0D@EGEXCMB01.oww.root.lcl |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
Hello everybody,
For PCI compliance I need to log user access to my PCI columns in a table and retain for 2 years.
I know I can grep the log, but with 1m log rows/day and infrequent PCI access, I'm thinking this isn't the most efficient method.
I've been thinking about a SELECT rule, for the access views defined on the tables with PCI columns.
I reviewed the doc but belive I'm constrained
I would like to create a select rule that would log the statement in addition to executing the select.
"Presently, ON SELECT rules must be unconditional INSTEAD rules and must have actions that consist of a
single SELECT command. Thus, an ON SELECT rule effectively turns the table into a view, whose visible"
makes me think I can't do this. Any advice how I might accomplish the goal.
format
CREATE [ OR REPLACE ] RULE name AS ON event
TO table [ WHERE condition ]
DO [ ALSO | INSTEAD ] { NOTHING | command | ( command ; command ... ) }
Create rule pci_select as on select to creditcard do
Instead (begin
Insert into pci_log( sql statement);
Select * from creditcard;
end)
Thanks
Doug Little
Sr. Data Warehouse Architect | Business Intelligence Architecture | Orbitz Worldwide
500 W. Madison, Suite 1000 Chicago IL 60661| Office 312.260.2588 | Fax 312.894.5164 | Cell 847-997-5741
Douglas(dot)Little(at)orbitz(dot)com<mailto:Douglas(dot)Little(at)orbitz(dot)com>
[cid:image001(dot)jpg(at)01CD6B4B(dot)4CEC3480] orbitz.com<http://www.orbitz.com/> | ebookers.com<http://www.ebookers.com/> | hotelclub.com<http://www.hotelclub.com/> | cheaptickets.com<http://www.cheaptickets.com/> | ratestogo.com<http://www.ratestogo.com/> | asiahotels.com<http://www.asiahotels.com/>
From | Date | Subject | |
---|---|---|---|
Next Message | Merlin Moncure | 2012-07-26 21:59:20 | Re: log select access |
Previous Message | Jaime Casanova | 2012-07-26 21:27:51 | Re: PostgreSQL limitations question |