Re: PostgreSQL Audit Extension

On 2/19/16 10:54 AM, Alvaro Herrera wrote:
> Bruce Momjian wrote:
>
>> Understood.  My point is that there is a short list of read events, and
>> many DDL events.  We have already hesitated to record DDL changes for
>> logical replication because of the code size, maintenance overhead, and
>> testing required.
>
> DDL is already captured using the event triggers mechanism (which is
> what it was invented for in the first place).  The only thing we don't
> have is a hardcoded mechanism to transform it from C struct format to
> SQL language.

Since DDL event triggers only cover database-level DDL they miss a lot
that is very important to auditing, e.g. CREATE/ALTER/DROP ROLE,
GRANT/REVOKE, CREATE/ALTER/DROP DATABASE, etc.

I would like to see a general mechanism that allows event triggers,
logical replication, and audit to all get the information they need
without them being tied to each other directly.

--
-David
david@pgmasters.net