12 Steps To Enabling Audit in PostgreSQL


12 Steps to Enabling Audit in PostgreSQL | Official Pythian®® Blog https://www.pythian.com/blog/12-essential-steps-for-a-comprehensive-...


[root@mysql ~]# rpm -qa | grep postgres


postgresql13-server-13.7-1PGDG.rhel7.x86_64
postgresql13-libs-13.7-1PGDG.rhel7.x86_64
postgresql13-13.7-1PGDG.rhel7.x86_64

[root@mysql ~]# yum list pgaudit*


Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.isu.net.sa
* epel: mirror.earthlink.iq
* extras: mirrors.isu.net.sa
* updates: mirrors.isu.net.sa
Available Packages
pgaudit12_10.x86_64
1.2.4-1.rhel7 pgdg10
pgaudit13_11.x86_64
1.3.4-1.rhel7 pgdg11
pgaudit14_12.x86_64
1.4.3-1.rhel7 pgdg12
pgaudit15_13.x86_64
1.5.2-1.rhel7 pgdg13
pgaudit16_14.x86_64
1.6.2-1.rhel7 pgdg14
pgaudit_analyze.x86_64
1.0.7-1.rhel7


[root@mysql pgsql]# yum install pgaudit15*


Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirrors.isu.net.sa
* epel: mirror.earthlink.iq
* extras: mirrors.isu.net.sa
* updates: mirrors.isu.net.sa
Resolving Dependencies
--> Running transaction check
---> Package pgaudit15_13.x86_64 0:1.5.2-1.rhel7 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

==============================================================================================
================================================================
Package Arch Version
Repository Size
==============================================================================================
================================================================
Installing:
pgaudit15_13 x86_64 1.5.2-1.rhel7
pgdg13 47 k

Transaction Summary
==============================================================================================
================================================================
Install 1 Package

Total download size: 47 k


Installed size: 91 k
Is this ok [y/d/N]: y
Downloading packages:
pgaudit15_13-1.5.2-1.rhel7.x86_64.rpm
| 47 kB 00:00:02
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
Installing : pgaudit15_13-1.5.2-1.rhel7.x86_64
1/1
Verifying : pgaudit15_13-1.5.2-1.rhel7.x86_64
1/1

Installed:
pgaudit15_13.x86_64 0:1.5.2-1.rhel7

Complete!


# pgaudit must be loaded through shared_preload_libraries. The grep below only
# displays the current value; the edit that set it is not shown in this transcript.
[postgres@mysql ~]$ cat /var/lib/pgsql/13/data/postgresql.conf | grep shared_preload_libraries


shared_preload_libraries = 'pgaudit' # (change requires restart)

# Restart so the server loads the preload library, as the config comment above says.
[root@mysql pgsql]# systemctl restart postgresql-13.service

postgres=# create extension pgaudit;


CREATE EXTENSION
postgres=# \dx
List of installed extensions
Name | Version | Schema | Description
---------+---------+------------+---------------------------------
pgaudit | 1.5.2 | public | provides auditing functionality
plpgsql | 1.0 | pg_catalog | PL/pgSQL procedural language
(2 rows)

postgres=# show pgaudit.


pgaudit.log pgaudit.log_client pgaudit.log_parameter
pgaudit.log_statement_once
pgaudit.log_catalog pgaudit.log_level pgaudit.log_relation
pgaudit.role

postgres=# show pgaudit.log;


pgaudit.log

-------------
none
(1 row)

-- ALTER SYSTEM records the setting in postgresql.auto.conf; it does not change the
-- running value, which is why the SHOW below still prints "none". The transcript
-- restarts the service next; a configuration reload (SELECT pg_reload_conf())
-- should be enough for this parameter — confirm on the target version.
-- NOTE(review): the read and write classes do not cover DDL or role changes; the
-- pgaudit classes ddl and role would be needed to audit those.
postgres=# alter system set pgaudit.log to read,write;


ALTER SYSTEM

-- Still the old value: the new setting has not been loaded yet.
postgres=# show pgaudit.log;


pgaudit.log
-------------
none
(1 row)


[root@mysql pgsql]# systemctl restart postgresql-13.service


[root@mysql pgsql]# su - postgres
Last login: Thu May 25 22:34:57 IST 2023 on pts/0
[postgres@mysql ~]$ psql
psql (13.7)
Type "help" for help.

postgres=# show pgaudit.log;


pgaudit.log
-------------
read, write
(1 row)

postgres=# create table pythian (id int);


CREATE TABLE
postgres=# insert into pythian values (1);
INSERT 0 1
postgres=# table pythian;
id
----
1
(1 row)

# Audit records are written to the regular server log with the full statement text
# in each entry, so read access to this log directory exposes query text.
# The long pg_catalog SELECTs in the output look like psql tab-completion queries,
# presumably audited because pgaudit.log_catalog is at its default — verify.
# "<not logged>" in the last field is what pgaudit prints while
# pgaudit.log_parameter is off.
[postgres@mysql log]$ tail -25f postgresql-Thu.log

2023-05-25 22:38:52.140 IST [3135] STATEMENT: create table pythian (id number);
2023-05-25 22:39:01.460 IST [3135] LOG: AUDIT: SESSION,1,1,READ,SELECT,,,"SELECT
pg_catalog.quote_ident(c.relname) FROM pg_catalog.pg_class c WHERE c.relkind IN ('r', 'f',
'v', 'p') AND substring(pg_catalog.quote_ident(c.relname),1,2)='ed' AND
pg_catalog.pg_table_is_visible(c.oid) AND c.relnamespace <> (SELECT oid FROM
pg_catalog.pg_namespace WHERE nspname = 'pg_catalog')
UNION
SELECT pg_catalog.quote_ident(n.nspname) || '.' FROM pg_catalog.pg_namespace n WHERE
substring(pg_catalog.quote_ident(n.nspname) || '.',1,2)='ed' AND (SELECT pg_catalog.count(*)

FROM pg_catalog.pg_namespace WHERE substring(pg_catalog.quote_ident(nspname) || '.',1,2) =


substring('ed',1,pg_catalog.length(pg_catalog.quote_ident(nspname))+1)) > 1
UNION
SELECT pg_catalog.quote_ident(n.nspname) || '.' || pg_catalog.quote_ident(c.relname)
FROM pg_catalog.pg_class c, pg_catalog.pg_namespace n WHERE c.relnamespace = n.oid AND
c.relkind IN ('r', 'f', 'v', 'p') AND substring(pg_catalog.quote_ident(n.nspname) || '.' ||
pg_catalog.quote_ident(c.relname),1,2)='ed' AND substring(pg_catalog.quote_ident(n.nspname) ||
'.',1,2) = substring('ed',1,pg_catalog.length(pg_catalog.quote_ident(n.nspname))+1) AND
(SELECT pg_catalog.count(*) FROM pg_catalog.pg_namespace WHERE
substring(pg_catalog.quote_ident(nspname) || '.',1,2) = substring('ed',
1,pg_catalog.length(pg_catalog.quote_ident(nspname))+1)) = 1
LIMIT 1000",<not logged>
2023-05-25 22:39:06.403 IST [3135] LOG: AUDIT: SESSION,2,1,WRITE,INSERT,,,insert into pythian
values (1);,<not logged>
2023-05-25 22:39:11.685 IST [3135] LOG: AUDIT: SESSION,3,1,READ,SELECT,,,"SELECT
pg_catalog.quote_ident(c.relname) FROM pg_catalog.pg_class c WHERE c.relkind IN ('r', 'S',
'v', 'm', 'f', 'p') AND substring(pg_catalog.quote_ident(c.relname),1,2)='ed' AND
pg_catalog.pg_table_is_visible(c.oid) AND c.relnamespace <> (SELECT oid FROM
pg_catalog.pg_namespace WHERE nspname = 'pg_catalog')
UNION
SELECT pg_catalog.quote_ident(n.nspname) || '.' FROM pg_catalog.pg_namespace n WHERE
substring(pg_catalog.quote_ident(n.nspname) || '.',1,2)='ed' AND (SELECT pg_catalog.count(*)
FROM pg_catalog.pg_namespace WHERE substring(pg_catalog.quote_ident(nspname) || '.',1,2) =
substring('ed',1,pg_catalog.length(pg_catalog.quote_ident(nspname))+1)) > 1
UNION
SELECT pg_catalog.quote_ident(n.nspname) || '.' || pg_catalog.quote_ident(c.relname)
FROM pg_catalog.pg_class c, pg_catalog.pg_namespace n WHERE c.relnamespace = n.oid AND
c.relkind IN ('r', 'S', 'v', 'm', 'f', 'p') AND substring(pg_catalog.quote_ident(n.nspname) ||
'.' || pg_catalog.quote_ident(c.relname),1,2)='ed' AND
substring(pg_catalog.quote_ident(n.nspname) || '.',1,2) = substring('ed',
1,pg_catalog.length(pg_catalog.quote_ident(n.nspname))+1) AND (SELECT pg_catalog.count(*) FROM
pg_catalog.pg_namespace WHERE substring(pg_catalog.quote_ident(nspname) || '.',1,2) =
substring('ed',1,pg_catalog.length(pg_catalog.quote_ident(nspname))+1)) = 1
LIMIT 1000",<not logged>
2023-05-25 22:39:13.046 IST [3135] LOG: AUDIT: SESSION,4,1,READ,SELECT,,,table pythian;,<not
logged>
