On Mon, 2006-01-30 at 17:19 -0500, Bruce Momjian wrote:
> Ted Powell wrote:
> > On Mon, Jan 30, 2006 at 04:31:29PM -0500, Bruce Momjian wrote:
> > >
> > > I assume it is this TODO:
> > >
> > > * Allow protocol-level BIND parameter values to be logged
> > >
> > >
> > > ---------------------------------------------------------------------------
> > >
> > > Ted Powell wrote:
> > > > Our development group needs to have the option of logging all SQL
> > > > statements including substituted parameter values. [...]
> >
> > That's it! (I should have thought to look in the TODO.)
> >
> > Has any design work been done on this?
>
> No. I am with Simon Riggs today at my house and I asked him, hoping he
> can get it done for 8.2. I don't think it is very hard.
Some more detailed thoughts:
1. Do we want to log parameters at Bind time or at Execution time? Bind
is easier and more correct, but might look a little strange in the log
since the parameters would be logged before the execution appears. IMHO
Bind time is more correct. That would mean we have a separate line for
logged parameters, e.g.
parameters: p1=111 p2=hshssh p3=47000.5
2. Should we save them until end of execution, so we can output them on
the same line as log_min_duration_statement queries? Sounds easier but
the meaning might be more confused.
3. Do we want to log parameters that are used for planning, but no
others? Sometimes yes, sometimes no, I think.
Sounds like we need:
- a log_parameters GUC with settings of: "none", "plan" and "all".
- output log messages at Bind time on a separate log line, which would
replace the existing "statement: [protocol] <BIND>" message with
"(portalname) parameters: p1=111 p2=hshssh p3=47000.5"
- portalname would be blank if we aren't using named portals
While we're discussing logging, I also want to be able to set
log_min_duration_statement on a user by user basis (i,e, for individual
applications). We set this to superuser-only for valid security reasons,
but I'd like to have the ability for the superuser to relax that
restriction for short periods, or even permanently on development
servers. That sounds like another GUC: log_security = on
which would enforce SUSET/USERSET control (and would need to be a SIGHUP
parameter).
Best Regards, Simon Riggs