Comments (6)
dwsteele
commented on May 18, 2024
Truncate is included in the WRITE class: https://github.com/pgaudit/pgaudit#pgauditlog. Object logging is not possible with truncate.
from pgaudit.
ksiddi01
commented on May 18, 2024
Is there a way to update the code so that WRITE is 'truncate table' only?
from pgaudit.
dwsteele
commented on May 18, 2024
That would be an interface break, so no. It's possible that it could be added to a new class but that would not happen until PG11 as we don't add features to past versions. I am not in favor since truncate would then be in two classes.
from pgaudit.
ksiddi01
commented on May 18, 2024
Here is the issue I am trying to resolve. WRITE includes INSERT, UPDATE, DELETE, TRUNCATE, and COPY. We would like to audit TRUNCATE only. INSERT, UPDATE and DELETE will generate many audit logs and TRUNCATE is not very common. Any recommendation for auditing TRUNCATE only? Is it permissible/recommended to modify the code for local use? If it is, can I have WRITE for TRUNCATE only?
from pgaudit.
simonat2ndQuadrant
commented on May 18, 2024
On 6 March 2018 at 15:23, David Steele ***@***.***> wrote:
That would be an interface break, so no. It's possible that it could be
added to a new class but that would not happen until PG11 as
None of the existing classes for pgaudit.log are the same as names of
commands.
ISTM that we could add many new classes that match the first keyword of a
command. i.e. Allow INSERT, UPDATE, DELETE, TRUNCATE, COPY as individual
classes. That would give a much finer grained ability to filter and would
be easy enough to implement.
we don't add features to past versions.
Surely that is the benefit of an extension? Later versions of the extension
can enhance the behavior for previous major releases of PostgreSQL. We can
still have stability in pgaudit while allowing useful new functionality in
older versions.
I am not in favor since truncate would then be in two classes.
I don't see why that would cause a problem as long as it is documented.
…--
Simon Riggs http://www.2ndQuadrant.com/
<http://www.2ndquadrant.com/>
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
from pgaudit.
dwsteele
commented on May 18, 2024
ISTM that we could add many new classes that match the first keyword of a command. i.e. Allow INSERT, UPDATE, DELETE, TRUNCATE, COPY as individual classes. That would give a much finer grained ability to filter and would be easy enough to implement.
This seems like a reasonable idea.
we don't add features to past versions.
Surely that is the benefit of an extension?
Generally, yes, but the goal is to keep pgaudit as stable as possible so we have only been back-patching bug fixes, in the model of Postgres core.
This would be a non-trivial change. All commands are now assigned to a single class so a number of places in the code would need to be touched to allow a command in two classes and log it appropriately. I don't see this as an important enough feature to be worth the risk.
I am not in favor since truncate would then be in two classes.
I don't see why that would cause a problem as long as it is documented.
Fair enough.
I would be open to a patch to implement this functionality but don't have time to spend on it myself.
from pgaudit.
Related Issues (20)
- please create branch for 15 postgres)) HOT 1
- clear text password in postgres log while creating pglogical node HOT 2
- Error when compiling on postgres version 12.5 or greater HOT 1
- Don't log parameters but only for CREATE queries or only for one relation HOT 1
- `INSERT` with `RETURNING` emits a log over a column that's not being selected
- Not getting log using pgaudit HOT 1
- Hydra database supporting HOT 1
- ERROR: could not find function "pgaudit_ddl_command_end" in file "C:/Program Files/PostgreSQL/13/lib/pgaudit.dll.
- Revoking SELECT from the audit role does not disable read object audit logging for that relation HOT 5
- Audit log csv by pgaudit version 1.6.2 has 3 extra columns HOT 11
- SegV error from log_select_dml() HOT 5
- Help: How to save logs into database?
- password visible during create user and grant role simultaneously via pgadmin HOT 15
- PostgreSQL 16 support HOT 11
- log_catalog is off, but still some catalog SQL is logged HOT 3
- Unable to find required files
- Bad search_path in extension script HOT 2
- Unable to install pgaudit on RHEL 8
- Pgaudit make command fails for REL_13_STABLE
- Connection Drop and PgAudit disabled HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pgaudit.