-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathDESIGN
34 lines (22 loc) · 1.12 KB
/
DESIGN
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
What pgaudit does
=================
1. Uses an ExecutorCheckPerms_hook to log DML commands.
2. Uses event triggers to support some DDL commands, depending on the
server version and the availability of ddl_command_end triggers with
pg_event_trigger_get_creation_commands().
3. Uses a ProcessUtility_hook to log DDL and utility commands that are
not supported by event triggers or the object_access_hook.
4. Uses an object_access_hook to log function execution and, if event
triggers are not available, also CREATE/ALTER commands.
5. Logs to the server log file with ereport().
What else pgaudit could do
==========================
1. Support logging to a separate log file and to a table.
2. Use a ClientAuthentication_hook to record login events.
3. Decode and log read/written column names in DML commands.
4. Use a logical decoding output plugin to also record column
values in DML commands.
5. Use extensible reloptions (or a similar mechanism) to allow
per-object auditing configuration.
6. Use pg_event_trigger_get_deletion_commands(), once it has been
implemented, to provide deparsed DDL for DROP commands.