Postgres Pro
Downloads
Home   >   mailing lists

Thread: Database Auditing

Database Auditing

From
Marco Serantoni
Date:
I'm evaluating of use postgresql but for local law requirements is 
needed for the access of some kind of data (sensitive) a log of the 
accesses (Auditing) is a feature available in many databases but i've 
seen that lacks in PostgreSQL, there are already plans to implement it 
or patches already submitted ?
If not both could someone give me some hints on how do it and where 
"attach" the code like open the file in postmaster.c intercept the query 
in that function etc.

Thank you in advance :)

Re: Database Auditing

From
"Merlin Moncure"
Date:
On 10/11/06, Marco Serantoni <m.serantoni@caltanet.it> wrote:
> I'm evaluating of use postgresql but for local law requirements is
> needed for the access of some kind of data (sensitive) a log of the
> accesses (Auditing) is a feature available in many databases but i've
> seen that lacks in PostgreSQL, there are already plans to implement it
> or patches already submitted ?
> If not both could someone give me some hints on how do it and where
> "attach" the code like open the file in postmaster.c intercept the query
> in that function etc.
>
> Thank you in advance :)

we can probably come up with something.  can you please give specific
requirements about what type of information you have to keep track of?

merlin

Re: Database Auditing

From
"Merlin Moncure"
Date:
On 10/12/06, Marco Serantoni <m.serantoni@caltanet.it> wrote:
> >> I'm evaluating of use postgresql but for local law requirements is
> >> needed for the access of some kind of data (sensitive) a log of the
> >> accesses (Auditing) is a feature available in many databases but i've
> >> seen that lacks in PostgreSQL, there are already plans to implement it
> >> or patches already submitted ?
> >> If not both could someone give me some hints on how do it
> > we can probably come up with something.  can you please give specific
> > requirements about what type of information you have to keep track of?
>  username, date and statement executed and optionally the IP.

[moving this discussion to -general] please direct responses to that list only]

have you looked at postgreql.conf?  you can log all of those things
and much more into the postgresql log.  There is also built in
rotation and retention policies.

most especially,
log_statement = 'all'

now for fancy stuff, like logging of application data or other things
like that, you can do many things with triggers.  It is possible to
write triggers that are pretty generic which can do that type of
thing.

merlin

Re: Database Auditing

From
Marco Serantoni
Date:
>> I'm evaluating of use postgresql but for local law requirements is
>> needed for the access of some kind of data (sensitive) a log of the
>> accesses (Auditing) is a feature available in many databases but i've
>> seen that lacks in PostgreSQL, there are already plans to implement it
>> or patches already submitted ?
>> If not both could someone give me some hints on how do it
> we can probably come up with something.  can you please give specific
> requirements about what type of information you have to keep track of?username, date and statement executed and
optionallythe IP.