59.1. Pre-Configuring Logging of Audit Events

For PPEM to log audit events, logging must first be configured in the ppem-manager.yml manager configuration file.

You can specify the following parameters:

audit:
  enabled: true or false
  syslog:
    protocol: one_of_supported_transport_protocols
    address: address_of_a_syslog_server
    port: port_of_the_syslog_server
    facility: facility_of_syslog_messages
    tag: tag_of_syslog_messages
  log:
    path: path_to_a_log_file
    mode: access_mode_for_the_log_file

Where:

  • enabled: The state of the audit event logger.

    Possible values:

    • true: The logger is enabled and PPEM logs audit events.

      If the logger is enabled, PPEM adds the audit_events_housekeeping system housekeeping rule for the repository database.

      By default, the auto-run schedule is not configured for this rule. Configure the schedule if necessary.

    • false: The logger is disabled and PPEM does not log audit events.

    Default value: false (the logger is disabled).

  • syslog: The parameters for sending the audit event log to a syslog server.

    This group of parameters is optional. If omitted and the audit.enabled parameter is set to true, audit events are logged but not sent to a syslog server.

    • protocol: The transport protocol used for the delivery of syslog messages.

      Possible values:

      • local or '' (empty string): The messages are transported within the originating server and not sent over a network.

      • One of tcp, tcp4, or tcp6: Use TCP as the transport.

        Specify tcp4 or tcp6 to explicitly use TCP over IPv4 or IPv6, respectively. Specify tcp to leave the protocol selection to PPEM.

      • One of udp, udp4, or udp6: Use UDP as the transport.

        Specify udp4 or udp6 to explicitly use UDP over IPv4 or IPv6, respectively. Specify udp to leave the protocol selection to PPEM.

      • One of ip, ip4, or ip6: Use IP as the transport.

        Specify ip4 or ip6 to explicitly use IPv4 or IPv6, respectively. Specify ip to leave the protocol selection to PPEM.

      • One of unix, unixgram, or unixpacket: Use a UNIX domain socket as the transport.

        The above values are the types of UNIX domain sockets that use different semantics:

        • The socket of the unix type uses SOCK_STREAM semantics.

        • The socket of the unixgram type uses SOCK_DGRAM semantics.

        • The socket of the unixpacket type uses SOCK_SEQPACKET semantics.

    • address: The address of the syslog server, if required by the selected transport protocol.

    • port: The port of the syslog server, if required by the selected transport protocol.

    • facility: The facility of syslog messages.

      Possible values:

      • kern: Kernel messages.

      • user: User-level messages.

      • mail: Mail system.

      • daemon: System daemons.

      • auth: Security/authorization messages.

      • syslog: Messages generated internally by syslogd.

      • lpr: Line printer subsystem.

      • news: Network news subsystem.

      • uucp: UUCP subsystem.

      • cron: Clock daemon.

      • authpriv: Security/authorization messages (private).

      • ftp: FTP daemon.

      • local0 to local7: Local use 0–7.

      Default value: kern.

    • tag: The tag of syslog messages.

      Default value: ppem if the parameter is omitted or has the '' (empty string) value.

  • log: The parameters for sending the audit event log to a plain text file.

    This group of parameters is optional. If omitted and the audit.enabled parameter is set to true, audit events are logged but not sent to a plain text file.

    • path: The path to the plain text log file.

      If the file does not exist, it is created automatically.

      Example: /tmp/auth.log

    • mode: The file mode of the log file specified in the path parameter. The parameter format is 0xxx, the same as for the chmod command.

      Example: 0644
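
A pre-deployment check of the audit section against the values documented above, as an added example that is not part of PPEM or its documentation. The name check_audit, the sample values, and the policy checks beyond the documented value sets (address and port required for TCP/UDP, an explicit non-kern facility, no shared temporary directory, no permission bits for other users) are assumptions of this example; the input is the audit mapping already parsed from ppem-manager.yml.

```python
import re

# Value sets copied from the parameter descriptions above.
PROTOCOLS = {"", "local", "tcp", "tcp4", "tcp6", "udp", "udp4", "udp6",
             "ip", "ip4", "ip6", "unix", "unixgram", "unixpacket"}
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp"} | {f"local{i}" for i in range(8)}
# Assumption of this example: TCP and UDP transports need both address and port.
NEEDS_ADDR_PORT = {"tcp", "tcp4", "tcp6", "udp", "udp4", "udp6"}
SHARED_TMP = ("/tmp/", "/var/tmp/")  # hypothetical site policy, not a PPEM rule

def check_audit(audit):
    """Return a list of findings for the parsed `audit` mapping."""
    findings = []
    if not isinstance(audit.get("enabled", False), bool):
        findings.append("enabled: must be true or false")
    syslog = audit.get("syslog")
    if syslog is not None:
        proto = syslog.get("protocol", "")
        if proto not in PROTOCOLS:
            findings.append(f"syslog.protocol: unsupported value {proto!r}")
        elif proto in NEEDS_ADDR_PORT:
            findings += [f"syslog.{k}: required for {proto}"
                         for k in ("address", "port") if not syslog.get(k)]
        facility = syslog.get("facility", "kern")  # documented default
        if facility not in FACILITIES:
            findings.append(f"syslog.facility: unknown value {facility!r}")
        elif facility == "kern":
            findings.append("syslog.facility: kern is the kernel-message facility")
    log = audit.get("log")
    if log is not None:
        if str(log.get("path", "")).startswith(SHARED_TMP):
            findings.append("log.path: file is auto-created in a shared temp directory")
        raw = log.get("mode")
        if raw is not None:
            # A YAML 1.1 loader reads 0644 as the integer 420; restore the octal text.
            mode = format(raw, "04o") if isinstance(raw, int) else str(raw)
            if not re.fullmatch(r"0[0-7]{3}", mode):
                findings.append(f"log.mode: expected 0xxx, got {mode!r}")
            elif mode[3] != "0":
                findings.append(f"log.mode: {mode} grants access to other users")
    return findings

# Constructed sample inputs (not taken from a real deployment).
WEAK = {"enabled": True,
        "syslog": {"protocol": "tcp", "address": "", "port": 514},
        "log": {"path": "/tmp/auth.log", "mode": "0644"}}
HARDENED = {"enabled": True,
            "syslog": {"protocol": "tcp4", "address": "192.0.2.10", "port": 514,
                       "facility": "authpriv", "tag": "ppem-audit"},
            "log": {"path": "/var/log/ppem/audit.log", "mode": "0640"}}
```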