Postgres Audit - How to get information on who is performing the DDL operation?
I'm trying to enable pgaudit in an Azure Postgres Single Server. I have followed the instructions provided by Microsoft and also the documentation of Postgres.
These are my settings ( the 2 Selected in the picture below are DDL and ROLE )
Log parameters
Then I have configured a destination for the files using a storage account. So far so good. The I ran this test case
postgres=> create table test_audit ( c1 integer ) ;
CREATE TABLE
postgres=> \dt test_audit
List of relations
Schema | Name | Type | Owner
--------+------------+-------+------------
public | test_audit | table | posadmn001
(1 row)
postgres=> insert into test_audit values ( 1 ) ;
INSERT 0 1
postgres=> insert into test_audit values ( 2 ) ;
INSERT 0 1
postgres=> alter table test_audit add c2 integer ;
ALTER TABLE
postgres=> drop table test_audit ;
DROP TABLE
So I should expect only entries for DDL operations, not for the DML, and that is working fine.
Create Table
"message": "*AUDIT: SESSION,1,1,DDL,CREATE TABLE,TABLE,public.test_audit,create table test_audit ( c1 integer ) ;,<none>","detail": "","errorLevel": "LOG","domain": "postgres-11","schemaName": "","tableName": "","columnName": "","datatypeName"
Alter Table
"message": "AUDIT: SESSION,2,1,DDL,ALTER TABLE,TABLE,public.test_audit,alter table test_audit add c2 integer ;,<none>","detail": "","errorLevel": "LOG","domain": "postgres-11","schemaName": "","tableName": "","columnName": "","datatypeName"
Drop table
"message": "AUDIT: SESSION,1,1,DDL,DROP TABLE,TABLE,public.test_audit,drop table test_audit ;,<none>","detail": "","errorLevel": "LOG","domain": "postgres-11","schemaName": "","tableName": "","columnName": "","datatypeName"
However, the audit trails don't show who have performed such operations. I mean, if I review the logs line by line, obviously there is an entry for the connection itself by the admin user, but not related to the AUDIT itself. Is there any way to collect the user within the audit trail together with the DDL operation? So that when I am looking for messages with the word AUDIT, I can get the command and the user who did it.
Thank you for your help
You can get the user name in the log line prefix by adding %u to log_line_prefix. A useful setting might be
log_line_prefix = '%m [%p] %q%u@%d (%h) '
- How to enforce uniqueness across two columns within the scope of a third?
- pg_dump and pg_restore across different major versions of PostgreSQL
- hasMany called with something that's not an instance of Sequelize.Model
- PostgreSQL unterminated quoted identifier
- Multi-row insert with pg-promise
- SQL getting the data by timestamp interval
- Insert inserted id to another table
- docker compose psql: error: FATAL: role "postgres" does not exist
- Counting business hours between timestamps
- "row is too big (...) maximum size 8160" when running "grant connect on database"
- How to cast type bytea to double precision
- Transform timestamp to local time for a given timezone during 'COPY .. TO ..'
- Better way than multiple SELECT statements?
- How to call a stored procedure(PostgreSQL) with Spring JPA?
- Why does 'now()'::timestamp return the current timestamp in PostgreSQL?
- Get TZ abbrev for given timestamp and TZ name
- Avoid checks for each row, replace query by function?
- Get average for "last month" only
- Select values in given sequential numbers
- Sum time differences across multiple timezones in PostgreSQL
- Unexpected results from SQL query with BETWEEN timestamps
- Disadvantages of using date_trunc
- Will changing column from timestamp to timestamptz lock the table?
- Subtract hours from the now() function
- Postgresql 8.4 update query syntax error in plpgsql function
- Return rows based on timestamp respective to their time zone
- time zone confusion in relational databases
- Default timestamp format and fractional seconds
- SQL in postgres convert datetime for recurring event to future datetime
- Query on a time range ignoring the date of timestamps