Thread: audit sql queries

audit sql queries

From

Dan99

Date:

10 September 2007, 12:33:07

Hello,

I am working on auditing interactions with a pgsql database using
php.  So my question is how can i go about obtaining the following
information by only being provided a pgsql query.  I have asked this
same question in a php group however i would also like to ask it here
encase there is a way to do this entirely through postgres.

1. table(s) affected
2. column(s) affected
3. action performed on data (ie. update, insert, select, delete)
4. previous data for each row and column effected (if data changed or
deleted)
5. new data for each row and column effected (or existing data if data
is being selected)

Any help with this would be greatly appreciated.

Thanks,
Dan

Re: audit sql queries

From

"Rodrigo De León"

Date:

10 September 2007, 13:01:04

On 9/9/07, Dan99 <power919@gmail.com> wrote:
> Any help with this would be greatly appreciated.

http://www.postgresql.org/docs/8.2/static/plpgsql-trigger.html#PLPGSQL-TRIGGER-AUDIT-EXAMPLE

Re: audit sql queries

From

Richard Huxton

Date:

10 September 2007, 14:04:11

Dan99 wrote:
> Hello,
>
> I am working on auditing interactions with a pgsql database using
> php.  So my question is how can i go about obtaining the following
> information by only being provided a pgsql query.  I have asked this
> same question in a php group however i would also like to ask it here
> encase there is a way to do this entirely through postgres.

http://pgfoundry.org/search/?type_of_search=soft&words=audit&Search=Search

--
   Richard Huxton
   Archonet Ltd

Re: audit sql queries

From

Jeff Davis

Date:

10 September 2007, 18:28:30

On Sun, 2007-09-09 at 23:13 +0000, Dan99 wrote:
> 1. table(s) affected
> 2. column(s) affected
> 3. action performed on data (ie. update, insert, select, delete)
> 4. previous data for each row and column effected (if data changed or
> deleted)
> 5. new data for each row and column effected (or existing data if data
> is being selected)

Auditing SELECTs is the trickiest; everything else can be done with
triggers.

For SELECT, you can use a view over a set-returning function, where the
function actually reads the underlying data, however that could be bad
for performance.

Alternatively, there is also kind of a trick where you can use an
uncorrelated subquery in a view so that the select has the side effect
of executing a function, like so:

CREATE VIEW mytable_audit AS SELECT * FROM mytable WHERE (SELECT
audit_func());

audit_func() should always return true, and should also record the other
information that you need. This strategy may perform better than using a
set-returning function.

Regards,
    Jeff Davis