Re: Similar to csvlog but not really, json logs?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160


Stephen Frost wrote:

> To try to clarify that a bit, as it comes across as rather opaque even
> on my re-reading, consider a case where you can't have the
> "credit_card_number" field ever exported to an audit or log file, but
> you're required to log all other changes to a table.  Then consider that
> such a situation extends to individual INSERT or UPDATE commands- you
> need the command logged, but you can't have the contents of that column
> in the log file.

Perhaps you need a better example. Storing raw credit cards in the database 
is a bad idea (and potential PCI violation); audit/log files are only one 
of the many ways things can leak out. Encrypting sensitive columns is a 
solution that solves your auditing problem, and works on all current versions 
of Postgres. :)

> Our current capabilities around logging and auditing are dismal

No arguments there.

- -- 
Greg Sabino Mullane greg@turnstep.com
End Point Corporation http://www.endpoint.com/
PGP Key: 0x14964AC8 201408271200
http://biglumber.com/x/web?pk=2529DF6AB8F79407E94445B4BC9B906714964AC8
-----BEGIN PGP SIGNATURE-----

iEYEAREDAAYFAlP+AKgACgkQvJuQZxSWSsjf7gCg00BwRbwRi/UPrHBs1RdfWX/I
TRsAn2CDrG/ycetKOQFbn/4rnSSYPz9j
=Ju0B
-----END PGP SIGNATURE-----