Using EDB audit logging v17

EDB Postgres Advanced Server allows database and security administrators, auditors, and operators to track and analyze database activities using EDB audit logging. EDB audit logging generates audit log files, which can be configured to record information such as:

  • When a role establishes a connection to an EDB Postgres Advanced Server database
  • The database objects a role creates, modifies, or deletes when connected to EDB Postgres Advanced Server
  • When any failed authentication attempts occur

The parameters specified in the configuration files postgresql.conf or postgresql.auto.conf control the information included in the audit logs.

audit_logging_configuration_parameters selecting_sql_statements_to_audit enabling_audit_logging audit_log_file using_error_codes_to_filter_audit_logs using_command_tags_to_filter_audit_logs redacting_passwords_from_audit_logs audit_log_archiving object_auditing

Selecting SQL statements to audit

How to use the edb_audit_statement to include comma-separated values to control the SQL statements to audit

Enabling audit logging

How to configure EDB Postgres Advanced Server to log the items you want to audit

Using error codes to filter audit logs

Describes how to filter the audit logs based on specific error codes

Using command tags to filter audit logs

Describes how to use command tags to find log file entries related to a SQL command

Redacting passwords in audit logs

Describes how to redact stored passwords in the audit log file

Archiving audit logs

Describes how to use the Audit Archiver to manage audit log files

Auditing objects

Describes how to selectively audit objects for specific DML statements