Sr. No.

DB Name User Name Hostname IP Port

1 local_db app_user test-machine01 5442
2 remote_db fdw_user test-machine02 6442

[postgres@test-machine02]
[postgres@test-machine02]psql
psql (13.2)
Type "help" for help.
postgres=#
postgres=#
postgres=# create database remote_db;
CREATE DATABASE
postgres=#
postgres=# CREATE USER fdw_user WITH ENCRYPTED PASSWORD 'secret';
CREATE ROLE
postgres=# \du+
List of roles
Role name | Attributes | Member of | Description
-----------+------------------------------------------------------------+-----------+-------------
user_test | Superuser | {} |
fdw_user | | {} |
postgres | Superuser, Create role, Create DB, Replication, Bypass RLS | {} |
repluser | Replication | {} |
postgres=#
postgres=# \q
[postgres@test-machine02]psql -p 6432 -U fdw_user remote_db
Password for user fdw_user:
psql (13.2)
Type "help" for help.

remote_db=> create table employee (id int, first_name varchar(20), last_name varchar(20));
CREATE TABLE
remote_db=> insert into employee values (1,'jobin','augustine'),(2,'avinash','vallarapu'),
(3,'fernando','camargos');
INSERT 0 3
remote_db=> \dt employee
List of relations
Schema | Name | Type | Owner
--------+----------+-------+----------
public | employee | table | fdw_user
(1 row)

remote_db=> select count(*) from employee;

 count
-------
3
(1 row)

remote_db=>

[postgres@test-machine02]pwd
/var/lib/pgsql/13/data
[postgres@test-machine02]cat pg_hba.conf
# IPv4 local connections:
host all all 127.0.0.1/32 scram-sha-256
host all all 192.168.114.0/24 scram-sha-256
[postgres@test-machine02]

[root@test-machine01 ~]# su - postgres

Last login: Fri Oct 1 12:24:24 +03 2021 on pts/0
[postgres@test-machine01]
[postgres@test-machine01] psql local_db
psql (9.2.24, server 13.4)
WARNING: psql version 9.2, server version 13.0.
Some psql features might not work.
Type "help" for help.

local_db=# create extension dblink;

ERROR: could not open extension control file "/usr/pgsql-13/share/extension/dblink.control": No
such file or directory
local_db=#

[root@test-machine01 extension]# yum install postgresql13-contrib

Loaded plugins: langpacks, ulninfo

Dependencies Resolved

========================================================================
========================================================================
=============================
Package Arch Version
Repository Size
========================================================================
========================================================================
=============================
Installing:
postgresql13-contrib x86_64 13.4-1PGDG.rhel7
pgdg13 609 k
Updating for dependencies:
postgresql13 x86_64 13.4-1PGDG.rhel7
pgdg13 1.4 M
postgresql13-libs x86_64 13.4-1PGDG.rhel7
pgdg13 381 k
postgresql13-server x86_64 13.4-1PGDG.rhel7
pgdg13 5.4 M

Transaction Summary
========================================================================
========================================================================
=============================
Install 1 Package
Upgrade ( 3 Dependent packages)
Verifying : postgresql13-13.1-1PGDG.rhel7.x86_64
5/7
Verifying : postgresql13-libs-13.1-1PGDG.rhel7.x86_64
6/7
Verifying : postgresql13-server-13.1-1PGDG.rhel7.x86_64
7/7

Installed:
postgresql13-contrib.x86_64 0:13.4-1PGDG.rhel7

Dependency Updated:
postgresql13.x86_64 0:13.4-1PGDG.rhel7 postgresql13-libs.x86_64 0:13.4-
1PGDG.rhel7 postgresql13-server.x86_64 0:13.4-1PGDG.rhel7

Complete!
[root@test-machine01 extension]#

postgres=# create user app_user with password 'secret' superuser;

CREATE ROLE
postgres=# create database loacl_db owner app_user;
CREATE DATABASE

local_db=#
local_db=# create extension dblink;
CREATE EXTENSION

local_db=#
local_db=#
local_db=# \dx
List of installed extensions
Name | Version | Schema | Description
--------------+---------+------------+--------------------------------------------------------------
dblink | 1.2 | public | connect to other PostgreSQL databases from within a database
plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language
postgres_fdw | 1.0 | public | foreign-data wrapper for remote PostgreSQL servers
(3 rows)

local_db=# select * from pg_extension;

oid | extname | extowner | extnamespace | extrelocatable | extversion | extconfig |
extcondition
-------+--------------+----------+--------------+----------------+------------+-----------+--------------
14161 | plpgsql | 10 | 11 | f | 1.0 | |
26435 | postgres_fdw | 10 | 2200 | t | 1.0 | |
26444 | dblink | 10 | 2200 | t | 1.2 | |
(3 rows)

local_db=#

local_db=# create server testmachine02_dblink foreign data wrapper dblink_fdw options

(dbname 'remote_db', host 'localhost', port '6442');
CREATE SERVER
local_db=#
local_db=# \des+
List of foreign servers
Name | Owner | Foreign-data wrapper | Access privileges | Type | Version |
FDW Options | Description
----------------------+----------+----------------------+---------------------+------+---------
+----------------------------------------------------------+-------------
testmachine02_dblink | postgres | dblink_fdw | | | | (dbname
'remote_db', host 'test-machine02', port '5432') |
testmachine02_fdw | postgres | postgres_fdw | postgres=U/postgres+| | |
(dbname 'remote_db', host 'test-machine02', port '5432') |
| | | app_user=U/postgres | | |
|
(2 rows)

local_db=#
local_db=# select * from pg_foreign_server;
oid | srvname | srvowner | srvfdw | srvtype | srvversion | srvacl |
srvoptions
-------+----------------------+----------+--------+---------+------------+-------------------------------------------
+--------------------------------------------------
 26439 | testmachine02_fdw | 10 | 26438 | | |
{postgres=U/postgres,app_user=U/postgres} | {dbname=remote_db,host=test-
machine02,port=5432}
26492 | testmachine02_dblink | 10 | 26489 | | | |
{dbname=remote_db,host=test-machine02,port=5432}
(2 rows)

local_db=#

local_db=#
local_db=# create user mapping for app_user server testmachine02_dblink options (user
'fdw_user', password 'secret');
CREATE USER MAPPING
local_db=#
local_db=# select * from pg_user_mappings;
umid | srvid | srvname | umuser | usename | umoptions
-------+-------+----------------------+--------+----------+---------------------------------
26440 | 26439 | testmachine02_fdw | 26421 | app_user | {user=fdw_user,password=secret}
26493 | 26492 | testmachine02_dblink | 26421 | app_user | {user=fdw_user,password=secret}
(2 rows)

local_db=#
local_db=#

local_db=# \quit
[postgres@test-machine01]
[postgres@test-machine01] psql -p 5432 -U app_user local_db
Password for user app_user:
psql (9.2.24, server 13.4)
WARNING: psql version 9.2, server version 13.0.
Some psql features might not work.
Type "help" for help.

local_db=>
local_db=> select dblink_connect('conn_dblink','testmachine02_dblink');
dblink_connect
----------------
OK
(1 row)

local_db=> select * from dblink ('conn_dblink','select * from employee') as test_dblink (id int,
first_name varchar(20), last_name varchar(20));
id | first_name | last_name
----+------------+-----------
1 | jobin | augustine
2 | avinash | vallarapu
3 | fernando | camargos
(3 rows)

local_db=>

local_db=# SELECT dblink_connect('conn', format('hostaddr=127.0.0.1 port=6442

dbname=remote_db user=fdw_user password=secret','testmachine02_dblink'));
dblink_connect
----------------
OK
(1 row)

local_db=# SELECT dblink_exec('conn', 'CREATE TABLE tmp (id integer)');

dblink_exec
--------------
CREATE TABLE
(1 row)

========================================================================
Auditing==================================================================
==================

yum install pgaudit*

[root@localhost bin]# pwd

/usr/pgsql-9.5/bin
su - postgres
Create instance on 9.5 version

add this configruation on postgresql.conf

shared_preload_libraries = ‘pgaudit’

start cluster

Create pgaudit extension

postgres=# CREATE EXTENSION pgaudit;

You can run the following query to check the new extension created:

postgres=# SELECT * FROM pg_available_extensions WHERE name LIKE '%audit%';

READ Example
First, create a test table and insert some data:

CREATE TABLE pgauditExample(id SERIAL, name TEXT);

INSERT INTO pgauditExample(name) VALUES ('crunchy');
Next, configure pgAudit to audit the read class by altering the pgaudit.log parameter:

ALTER SYSTEM SET pgaudit.log TO 'read';

SELECT pg_reload_conf();
With pgAudit set to audit the read class, SELECT from our test table:

SELECT name FROM pgauditExample;

Finally, check pg_log for an audit entry:

$ grep AUDIT postgresql-Fri.log | grep READ

2016-09-30 00:16:24.688 UTC postgres postgres LOG: AUDIT:
SESSION,1,1,READ,SELECT,,,SELECT name FROM pgauditExample;,<none>
WRITE Example
In the last example we configured pgAudit to audit the READ class of statements. Building on
the previous example, add WRITE:

ALTER SYSTEM SET pgaudit.log TO 'read, write';

SELECT pg_reload_conf();
With pgAudit set to audit the read and write classes, INSERT, UPDATE and DELETE from our
test table:

INSERT INTO pgauditExample(name) VALUES ('postgres');

UPDATE pgauditExample SET name = 'awesome' WHERE name = 'postgres';
DELETE FROM pgauditExample WHERE name = 'awesome';
Finally, check pg_log for the audit entries:

$ grep AUDIT postgresql-Fri.log | grep WRITE

2016-09-30 00:25:05.785 UTC postgres postgres LOG: AUDIT:

SESSION,2,1,WRITE,INSERT,,,INSERT INTO pgauditExample(name) VALUES
('postgres');,<none>
2016-09-30 00:25:05.787 UTC postgres postgres LOG: AUDIT:
SESSION,3,1,WRITE,UPDATE,,,UPDATE pgauditExample SET name = 'awesome' WHERE
name = 'postgres';,<none>
2016-09-30 00:25:06.476 UTC postgres postgres LOG: AUDIT:
SESSION,4,1,WRITE,DELETE,,,DELETE FROM pgauditExample WHERE name =
'awesome';,<none>
Function Example
So far we've configured pgAudit to audit READ and WRITE. Next, add FUNCTION to the watch
list.

ALTER SYSTEM SET pgaudit.log TO 'read, write, function';

SELECT pg_reload_conf();
With pgAudit set to audit the function class, execute an anonymous function:

DO $$
BEGIN
RAISE NOTICE 'pgAudit rocks!';
END
$$;
Finally, check pg_log for the audit entries:

$ tail -5 postgresql-Fri.log

2016-09-30 14:51:19.036 UTC postgres postgres LOG: AUDIT:

SESSION,1,1,FUNCTION,DO,,,"DO $$
BEGIN
RAISE NOTICE 'pgAudit rocks!';
END
$$;",<none>
Role Example
In the last example we configured pgAudit to audit the READ, WRITE and FUNCTION classes
of statements. Building on the previous example, add ROLE. Instead of adding role to the
pgaudit.log parameter, notice the configuration is different this time:

ALTER SYSTEM SET pgaudit.log TO 'all, -misc, -ddl';

SELECT pg_reload_conf();
This time the configuration specifies all classes except misc and ddl (read, write, function, role).

With pgAudit set to audit the role class, create, alter and drop some roles:

CREATE ROLE bob;

CREATE ROLE alice;
ALTER ROLE bob LOGIN;
ALTER ROLE alice LOGIN CONNECTION LIMIT 1;
GRANT ALL ON TABLE pgauditExample TO bob;
GRANT SELECT ON TABLE pgauditExample TO alice;
REVOKE ALL ON TABLE pgauditExample FROM bob;
REVOKE ALL ON TABLE pgauditExample FROM alice;
DROP ROLE bob;
DROP ROLE alice;
Finally, check pg_log for the audit entries:

2016-09-30 15:03:11.522 UTC postgres postgres LOG: AUDIT: SESSION,2,1,ROLE,CREATE

ROLE,,,CREATE ROLE bob;,<none>
2016-09-30 15:03:11.523 UTC postgres postgres LOG: AUDIT: SESSION,3,1,ROLE,CREATE
ROLE,,,CREATE ROLE alice;,<none>
2016-09-30 15:03:11.524 UTC postgres postgres LOG: AUDIT: SESSION,4,1,ROLE,ALTER
ROLE,,,ALTER ROLE bob LOGIN;,<none>
2016-09-30 15:03:11.526 UTC postgres postgres LOG: AUDIT: SESSION,5,1,ROLE,ALTER
ROLE,,,ALTER ROLE alice LOGIN CONNECTION LIMIT 1;,<none>
2016-09-30 15:03:11.528 UTC postgres postgres LOG: AUDIT:
SESSION,6,1,ROLE,GRANT,,,GRANT ALL ON TABLE pgauditExample TO bob;,<none>
2016-09-30 15:03:11.529 UTC postgres postgres LOG: AUDIT:
SESSION,7,1,ROLE,GRANT,,,GRANT SELECT ON TABLE pgauditExample TO alice;,<none>
2016-09-30 15:03:11.531 UTC postgres postgres LOG: AUDIT:
SESSION,8,1,ROLE,REVOKE,,,REVOKE ALL ON TABLE pgauditExample FROM bob;,<none>
2016-09-30 15:03:11.532 UTC postgres postgres LOG: AUDIT:
SESSION,9,1,ROLE,REVOKE,,,REVOKE ALL ON TABLE pgauditExample FROM
alice;,<none>
2016-09-30 15:03:11.534 UTC postgres postgres LOG: AUDIT: SESSION,10,1,ROLE,DROP
ROLE,,,DROP ROLE bob;,<none>
2016-09-30 15:03:11.876 UTC postgres postgres LOG: AUDIT: SESSION,11,1,ROLE,DROP
ROLE,,,DROP ROLE alice;,<none>
DDL Example
In the last example we configured pgAudit to audit all classes except misc and ddl. Building on
the previous example, add ddl:

ALTER SYSTEM SET pgaudit.log TO 'all, -misc';

SELECT pg_reload_conf();
With pgAudit set to audit the ddl class, have some fun with tables:

CREATE TABLE pgauditDDLExample(id SERIAL);

ALTER TABLE pgauditDDLExample ADD COLUMN name text;
CREATE POLICY namePolicy ON pgauditDDLExample FOR ALL USING (current_user =
'postgres');
DROP POLICY namePolicy on pgauditDDLExample;
DROP TABLE pgauditDDLExample;
Finally, check pg_log for the audit entries:

2016-09-30 15:07:02.776 UTC postgres postgres LOG: AUDIT: SESSION,2,1,DDL,CREATE

TABLE,,,CREATE TABLE pgauditDDLExample(id SERIAL);,<none>
2016-09-30 15:08:18.054 UTC postgres postgres LOG: AUDIT: SESSION,3,1,DDL,ALTER
TABLE,,,ALTER TABLE pgauditDDLExample ADD COLUMN name text;,<none>
2016-09-30 15:09:18.095 UTC postgres postgres LOG: AUDIT: SESSION,4,1,DDL,CREATE
POLICY,,,CREATE POLICY namePolicy ON pgauditDDLExample FOR ALL USING
(current_user = 'postgres');,<none>
2016-09-30 15:09:37.562 UTC postgres postgres LOG: AUDIT: SESSION,5,1,DDL,DROP
POLICY,,,DROP POLICY namePolicy on pgauditDDLExample;,<none>
2016-09-30 15:09:45.378 UTC postgres postgres LOG: AUDIT: SESSION,6,1,DDL,DROP
TABLE,,,DROP TABLE pgauditDDLExample;,<none>
MISC Example
The last class is MISC, configure pgAudit to audit all classes:

ALTER SYSTEM SET pgaudit.log TO 'all';

SELECT pg_reload_conf();
With pgAudit set to audit all classes, here's a demonstration of the misc class:

CHECKPOINT;
VACUUM pgauditExample;
Finally, check pg_log for the audit entries:

$ grep AUDIT postgresql-Fri.log | grep MISC

2016-09-30 15:17:45.214 UTC postgres postgres LOG: AUDIT:
SESSION,3,1,MISC,CHECKPOINT,,,CHECKPOINT;,<none>
2016-09-30 15:17:47.474 UTC postgres postgres LOG: AUDIT:
SESSION,4,1,MISC,VACUUM,,,VACUUM pgaud