Hi Jamie & All
I experimented a bit with the audit function and i added a field to the audit table where i store which table the audit record originates from. I was thinking it should be possible to to pare the hstore fields using populate_record to its original form using the original table definition. The query below works but of course only as long as there is only one record
select * FROM populate_record(null::t,
(select log_new_values FROM audit.audit_log
WHERE log_schema = 'public' AND log_table = 't' AND log_id = 10 ));
What i would like to do is to return a goup of records for example all record within a time span for a certain table and my sql understanding is not good enough to solve this and i cant really find any examples how it should be done. The query below gets audit records within a times pan but it fails since more then one record is returned.
select * FROM populate_record(null::t,
(select log_new_values FROM audit.audit_log
WHERE log_schema = 'public' AND log_table = 't' AND log_when BETWEEN '2011-08-20' AND '2011-08-25' ));
Is what i like to to at all possible to solve ?
Thank you in Advance!
Jan Eskilsson
2011/8/17 Jaime Casanova
<jaime@2ndquadrant.com>On Tue, Aug 16, 2011 at 4:02 PM, M. D. <
lists@turnkey.bz> wrote:
> Hi everyone,
>
> I'm a bit lazy, or actually in a bit of a crunch. I added an audit
> recording a few months ago, but never really used it much, but today I'm
> seeing a bunch of suspicious activity by one user. Does someone have any
> function to quickly parse this data?
>
i made this one for that: https://github.com/jcasanov/pg_audit
it has two versions one using hstore in which you will see in old
"column=>old_data" and in new "column=>new_data" seems better and i
guess you can use hstore functions on it
(http://www.postgresql.org/docs/9.0/static/hstore.html)
The other one uses arrays to store column names, old values, new
values, still more parseable
--
Jaime Casanova www.2ndQuadrant.com
Professional PostgreSQL: Soporte 24x7 y capacitación
