Thread: trigger ddl actions in a table

I need a way for logging every action on the system catalog. I must have a
table which shows when a tables was created or updated or deleted. I need
the date  of the change .

I tried to make an trigger on pg_catalog.pg_class but this throws an error :
"ERROR: permission denied: "pg_class" is a system catalog".

I can see all ddl in my log files, but
    - there are even the errors in and
    - i can't use it for a select


Is there an possibility for having such an system-action table??



Thanks

Monika König

On Thu, Nov 15, 2007 at 04:29:51PM +0100, "König, Monika" wrote:
> I can see all ddl in my log files, but
>     - there are even the errors in and
>     - i can't use it for a select

There are logging options that should allow you to collect the DDL and then
parse it.  You could then load it into a table.  But to answer your
question,

> Is there an possibility for having such an system-action table??

you cannot today have triggers on system tables, and AFAIK nobody has
contributed a DDL-audit capability yet.  IMO the safest (i.e. least subject
to attack) way to do this would be to pull it out of the WAL on another
machine.  Given that we already have PITR, the data must be in there (maybe
not with a wallclock time, but with relative time).  It seems this is
something that could be added, if someone were to do the work.  I am not
aware that anyone is doing it at the moment, but I bet there are developers
who will work for sponsorship :)

A

--
Andrew Sullivan
Old sigs will return after re-constitution of blue smoke