Re: pgaudit - an auditing extension for PostgreSQL - Mailing list pgsql-hackers

From Stephen Frost
Subject Re: pgaudit - an auditing extension for PostgreSQL
Date
Msg-id 20141227152221.GV3062@tamriel.snowman.net
Whole thread Raw
In response to Re: pgaudit - an auditing extension for PostgreSQL  (Simon Riggs <simon@2ndQuadrant.com>)
List pgsql-hackers
* Simon Riggs (simon@2ndQuadrant.com) wrote:
> On 27 December 2014 at 08:47, Abhijit Menon-Sen <ams@2ndquadrant.com> wrote:
>
> > But there's no way to say *don't* audit select on foo by simon.
>
> We can cover what it does and does not do in some doc examples.
>
> When submitted, pgaudit didn't have very complex auditing rules.
> Stephen's suggestion improves that considerably, but isn't the only
> conceivable logging rule. But we'll need to see what else is needed; I
> doubt we'll need everything, at least not in PG9.5

Agreed, it allows us much more flexibility, but it isn't a panacea.  I'm
hopeful that it'll be flexibile enough for certain regulatory-required
use-cases.  In any case, it's much closer and is certainly worthwhile
even if it doesn't allow for every possible configuration or ends up not
meeting specific regulatory needs because it moves us to a place where
we can sensibly consider "what else is needed?"
Thanks,
    Stephen

pgsql-hackers by date:

Previous
From: Simon Riggs
Date:
Subject: Re: pgaudit - an auditing extension for PostgreSQL
Next
From: Tom Lane
Date:
Subject: Re: CATUPDATE confusion?