Re: Auditing extension for PostgreSQL (Take 2) - Mailing list pgsql-hackers

From David Steele
Subject Re: Auditing extension for PostgreSQL (Take 2)
Date
Msg-id 552D2C1A.3060002@pgmasters.net
Whole thread Raw
In response to Re: Auditing extension for PostgreSQL (Take 2)  (Simon Riggs <simon@2ndQuadrant.com>)
Responses Re: Auditing extension for PostgreSQL (Take 2)
List pgsql-hackers
Attached is the v7 pg_audit patch.

I've tried to address Peter's documentation concerns by cleaning up the
terminology and adding a real-world case plus usage recommendations.
The word "auditing" has been expunged from the docs in favor of the term
"audit logging".

Per Simon's request, there is now a pg_audit.log_relation setting that
makes session audit logging exhaustively log all relations as it did
before.  The ROLE logging class is back as well.

Simon also suggested a way that pg_audit could be tested with standard
regression so I have converted all tests over and removed test.pl.

Sawada, I'd certainly appreciate it if you'd try again and see if you
are still getting a segfault with your test code (which you can find in
the regression tests).

Currently the patch will compile on master (I tested with b22a36a) or
optionally with Alvaro's deparse patches applied (only 0001 & 0002
needed).  I've supplied a different regression test out file
(expected/pg_audit-deparse.out) which can be copied over the standard
out file (expected/pg_audit.out) if you'd like to do regression on
pg_audit with deparse.  The small section of code that calls
pg_event_trigger_ddl_commands() can be compiled by defining DEPARSE or
removed the #ifdefs around that block.

Please let me know if I've missed anything and I look forward to
comments and questions.

Thanks,
--
- David Steele
david@pgmasters.net

Attachment

pgsql-hackers by date:

Previous
From: Magnus Hagander
Date:
Subject: Re: FPW compression leaks information
Next
From: Stephen Frost
Date:
Subject: Re: FPW compression leaks information