Skip to content

Configuration

Jump to bottom
aharonrobbins edited this page Nov 15, 2016 · 7 revisions

By default, after installation the Audit Plugin doesn't log activity. You must explicitly enable the type of logging desired. Configuration is done through the use of the PostgreSQL configuration file, postgresql.conf. Once set, the configuration cannot be changed except by editing the file and restarting the database server.

Available Audit Plugin configuration variables:

  • audit.json_file: Log json records to a file. Set to ON or OFF.

  • audit.json_file_name: json log file name. If the audit.json_file option is enabled the plugin writes the audit trail to this file. The value may be either an absolute path or relative to the PostgreSQL datadir. Default value: audit.json.

  • audit.json_unix_socket: Log json records to a UNIX domain socket. Set to ON or OFF.

  • audit.json_unix_socket_name: json UNIX socket name. If the audit.json_unix_socket option is enabled the plugin writes the audit trail to this UNIX domain socket.

  • audit.header_msg: Log header messages. Set to ON or OFF. Default value: ON.

  • audit.password_masking_regex: PCRE compliant regular expression used for password masking. The regex is applied to the SQL commands CREATE ROLE and ALTER ROLE.

  • audit.whitelist_cmds: Comma separated list of white-listed commands whose queries are not recorded. The default is to skip the SQL commands BEGIN, END, and COMMIT.

  • audit.debug_logs: Enable debug logging from the Audit plugin. Set to ON or OFF. The default is OFF.

Additional variables may be queried but may not be set:

  • audit.audit_version: Gives the version and revision of the plugin.

  • audit.audit_protocol_version: Gives the protocol version used by the plugin.

Example Configuration

shared_preload_libraries = 'audit'
audit.json_file = 1
Clone this wiki locally