Using EDB audit logging v17
EDB Postgres Advanced Server allows database and security administrators, auditors, and operators to track and analyze database activities using EDB audit logging. EDB audit logging generates audit log files, which can be configured to record information such as:
- When a role establishes a connection to an EDB Postgres Advanced Server database
- The database objects a role creates, modifies, or deletes when connected to EDB Postgres Advanced Server
- When any failed authentication attempts occur
The parameters specified in the configuration files postgresql.conf
or postgresql.auto.conf
control the information included in the audit logs.
audit_logging_configuration_parameters selecting_sql_statements_to_audit enabling_audit_logging audit_log_file using_error_codes_to_filter_audit_logs using_command_tags_to_filter_audit_logs redacting_passwords_from_audit_logs audit_log_archiving object_auditing
Selecting SQL statements to audit
How to use the edb_audit_statement to include comma-separated values to control the SQL statements to audit
Enabling audit logging
How to configure EDB Postgres Advanced Server to log the items you want to audit
Using error codes to filter audit logs
Describes how to filter the audit logs based on specific error codes
Using command tags to filter audit logs
Describes how to use command tags to find log file entries related to a SQL command
Redacting passwords in audit logs
Describes how to redact stored passwords in the audit log file
Archiving audit logs
Describes how to use the Audit Archiver to manage audit log files
Auditing objects
Describes how to selectively audit objects for specific DML statements