Skip to content
/ pg-json-audit-trigger Public
forked from hhh0pE/pg-json-audit-trigger

Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.

4 stars 241 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tekells-usgs/pg-json-audit-trigger

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

27 Commits
AUTHORS
AUTHORS
 
 
COPYRIGHT
COPYRIGHT
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
audit.sql
audit.sql
 
 

Repository files navigation

PG JSON Audit Trigger

A simple, customisable table audit system for PostgreSQL implemented using triggers.

This trigger is based on https://github.com/2ndQuadrant/audit-trigger. It has been modified to include the following features:

  • Customizable "application.name" setting for specifying source application
  • Customizable "application.user" setting for specifying active application user
  • The original and diff columns are now stored in JSON instead of HSTORE. The JSON diff value is a recursive JSON diff of changes made to the original record and any JSON columns within.
  • Additional naming convention tweaks
  • row_key has been added for a key back to the row in the audited table

Requires PostgreSQL 9.5+

More info about changes for row_key

  • a key value from the audited row is stored in the row_key column of the log table as text
  • the source column is configurable and defaults to 'id'
    • if the column is not found, the row_key is just set to NULL
  • audit_table functions have been changed for setting of the row_key source column name
  • an index on (schema_name, table_name, row_key, action_tstamp_tx DESC) has been added to the log table for queries to find recent changes for a given row of a given table

Basic Usage

To enable auditing:

SELECT audit.audit_table('target_table_name');

To disable auditing:

DROP TRIGGER audit_trigger_row ON target_table_name;
DROP TRIGGER audit_trigger_stm ON target_table_name;

Additional Options

To use a different source column for row_key

SELECT audit.audit_table('target_table_name', 'row_key_column_name');

Arguments for full version of audit_table function:

  • target_table: Table name, schema qualified if not on search_path
  • audit_rows: Record each row change, or only audit at a statement level
  • audit_query_text: Record the text of the client query that triggered the audit event?
  • ignored_cols: Columns to exclude from update diffs, ignore updates that change only ignored cols.
  • row_key_col: Column used to identify a row in the target_table.

an example using all of these

SELECT audit.audit_table('target_table_name', 'true', 'false', '{version_col, changed_by, changed_timestamp}'::text[], 'row_key_column_name');

See also:

https://wiki.postgresql.org/wiki/Audit_trigger_91plus
and the comments in the SQL.

About

Simple, easily customised trigger-based auditing for PostgreSQL (Postgres). See also pgaudit.

Resources

Readme
Activity

Stars

4 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • PLpgSQL 99.6%
  • Dockerfile 0.4%