New feature request for adding session information to PostgreSQL transaction log

From: Sumanth Vishwaraj <sumanth(dot)vishwaraj(at)oracle(dot)com>
To: "pgsql-hackers(at)lists(dot)postgresql(dot)org" <pgsql-hackers(at)lists(dot)postgresql(dot)org>
Cc: Mahesh Rao <mahesh(dot)p(dot)rao(at)oracle(dot)com>, Nazia Zaidi <najiah(dot)abide(at)oracle(dot)com>, Jitesh Tiwari <jitesh(dot)tiwari(at)oracle(dot)com>, Nick Wagner <nick(dot)wagner(at)oracle(dot)com>, Scott Corbin <scott(dot)corbin(at)oracle(dot)com>, Mack Bell <mack(dot)bell(at)oracle(dot)com>, Avinash Dubey <avinash(dot)x(dot)dubey(at)oracle(dot)com>
Subject: New feature request for adding session information to PostgreSQL transaction log
Date: 2025-01-15 08:54:06
Message-ID: IA0PR10MB7229B8A2981ADF1373D87FE39E192@IA0PR10MB7229.namprd10.prod.outlook.com
Lists: pgsql-hackers

Hi PostgreSQL team,

Oracle Audit Vault and Database Firewall (AVDF) audits/monitors database activities. This product helps enterprises to manage the security posture of Oracle, PostgreSQL and other databases.

Oracle AVDF helps customers in India comply with the Ministry of Corporate Affairs (MCA) Guidelines (https://www.mca.gov.in/Ministry/pdf/AuditAuditorsAmendmentRules_24032021.pdf).
As per the MCA guidelines, it is mandatory to capture details of what data was changed, when it was changed and who made the change.

PostgreSQL generates and stores (change data capture) information in the transaction log, which is in turn read by Oracle GoldenGate and stored in XML files. These XML files are processed by AVDF and stored in the AVDF database.

From an auditing perspective, three details are mandatory.

* What was the change?
* When did the change happen?
* Who made the change?

The PostgreSQL transaction log currently has information about what was the change, and when the change happened. But it does not have any information about who made the change.

We would like PostgreSQL to store the details of who made the change (user/session information) in the transaction log.

Below is the user/session information from an auditing perspective.

Mandatory critical session information

* DB User Name
* OS User Name
* Client Host Name
* Client/AppUser ID

Other important session information

* Program Name
* OS Terminal Name
* Process ID
* Proxy Session ID

Since these details are mandated by MCA regulations, we would humbly request your expertise in prioritizing this enhancement.

Warm regards,
Sumanth Vishwaraj
