Re: PostgreSQL Audit Extension
| От | Bruce Momjian |
|---|---|
| Тема | Re: PostgreSQL Audit Extension |
| Дата | |
| Msg-id | 20160219165826.GD30338@momjian.us обсуждение исходный текст |
| Ответ на | Re: PostgreSQL Audit Extension (David Steele <david@pgmasters.net>) |
| Список | pgsql-hackers |
On Fri, Feb 19, 2016 at 11:20:13AM -0500, David Steele wrote: > On 2/19/16 10:54 AM, Alvaro Herrera wrote: > > Bruce Momjian wrote: > > > >> Understood. My point is that there is a short list of read events, and > >> many DDL events. We have already hesitated to record DDL changes for > >> logical replication because of the code size, maintenance overhead, and > >> testing required. > > > > DDL is already captured using the event triggers mechanism (which is > > what it was invented for in the first place). The only thing we don't > > have is a hardcoded mechanism to transform it from C struct format to > > SQL language. > > Since DDL event triggers only cover database-level DDL they miss a lot > that is very important to auditing, e.g. CREATE/ALTER/DROP ROLE, > GRANT/REVOKE, CREATE/ALTER/DROP DATABASE, etc. Well, we need to enhance them then. > I would like to see a general mechanism that allows event triggers, > logical replication, and audit to all get the information they need > without them being tied to each other directly. I think the reporting of DDL would be produced in a way that could be used by auditing or logical replication, as I already stated. -- Bruce Momjian <bruce@momjian.us> http://momjian.us EnterpriseDB http://enterprisedb.com + As you are, so once was I. As I am, so you will be. + + Roman grave inscription +
В списке pgsql-hackers по дате отправления: