Audit Logging Configuration Parameters v10

Use the following configuration parameters to control database auditing. See Summary of Configuration Parameters to determine if a change to the configuration parameter takes effect immediately, or if the configuration needs to be reloaded, or if the database server needs to be restarted.

edb_audit

Enables or disables database auditing. The values xml or csv will enable database auditing. These values represent the file format in which auditing information will be captured. none will disable database auditing and is also the default.

Note

The logging_collector parameter must be set to on to enable the edb_audit parameter.

edb_audit_directory

Specifies the directory where the log files will be created. The path of the directory can be relative or absolute to the data folder. The default is the PGDATA/edb_audit directory.

edb_audit_filename

Specifies the file name of the audit file where the auditing information will be stored. The default file name will be audit-%Y%m%d_%H%M%S. The escape sequences, %Y, %m etc., will be replaced by the appropriate current values according to the system date and time.

edb_audit_rotation_day

Specifies the day of the week on which to rotate the audit files. Valid values are sun, mon, tue, wed, thu, fri, sat, every, and none. To disable rotation, set the value to none. To rotate the file every day, set the edb_audit_rotation_day value to every. To rotate the file on a specific day of the week, set the value to the desired day of the week. every is the default value.

edb_audit_rotation_size

Specifies a file size threshold in megabytes when file rotation will be forced to occur. The default value is 0 MB. If the parameter is commented out or set to 0, rotation of the file on a size basis will not occur.

edb_audit_rotation_seconds

Specifies the rotation time in seconds when a new log file should be created. To disable this feature, set this parameter to 0, which is the default.

edb_audit_connect

Enables auditing of database connection attempts by users. To disable auditing of all connection attempts, set edb_audit_connect to none. To audit all failed connection attempts, set the value to failed, which is the default. To audit all connection attempts, set the value to all.

edb_audit_disconnect

Enables auditing of database disconnections by connected users. To enable auditing of disconnections, set the value to all. To disable, set the value to none, which is the default.

edb_audit_statement

This configuration parameter is used to specify auditing of different categories of SQL statements. Various combinations of the following values may be specified: none, dml, insert, update, delete, truncate, select, error, rollback, ddl, create, drop, alter, grant, revoke, and all. The default is ddl and error. See Selecting SQL Statements to Audit for information regarding the setting of this parameter.

edb_audit_tag

Use this configuration parameter to specify a string value that will be included in the audit log file for each entry as a tracking tag.

edb_log_every_bulk_value

Bulk processing logs the resulting statements into both the Advanced Server log file and the EDB Audit log file. However, logging each and every statement in bulk processing is costly. This can be controlled by the edb_log_every_bulk_value configuration parameter. When set to true, each and every statement in bulk processing is logged. When set to false, a log message is recorded once per bulk processing. In addition, the duration is emitted once per bulk processing. Default is set to false.

edb_audit_destination

Specifies whether the audit log information is to be recorded in the directory as given by the edb_audit_directory parameter or to the directory and file managed by the syslog process. Set to file to use the directory specified by edb_audit_directory, which is the default setting. Set to syslog to use the syslog process and its location as configured in the /etc/syslog.conf file. Note: In recent Linux versions, syslog has been replaced by rsyslog and the configuration file is in /etc/rsyslog.conf.

Note

Advanced Server allows administrative users associated with administrative privileges to audit statements by any user, group, or role. By auditing specific users, you can minimize the number of audit records generated. For information, see the examples under Selecting SQL Statements to Audit.

The following section describes selection of specific SQL statements for auditing using the edb_audit_statement parameter.