From ebb09532c48b88bf0b4c05dfbdc955280a9186e7 Mon Sep 17 00:00:00 2001 From: Marcelo Henrique Neppel Date: Wed, 22 Oct 2025 13:06:01 -0300 Subject: [PATCH] Update event security logs documentation regarding logging charm operations Signed-off-by: Marcelo Henrique Neppel --- docs/.custom_wordlist.txt | 1 + docs/explanation/security/index.md | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt index 6ef00818b9..11152d9304 100644 --- a/docs/.custom_wordlist.txt +++ b/docs/.custom_wordlist.txt @@ -85,6 +85,7 @@ Nextcloud otf Parca Parca's +patroni Patroni patronictl pgAudit diff --git a/docs/explanation/security/index.md b/docs/explanation/security/index.md index 1aaf9c43ce..4f80ee6b30 100644 --- a/docs/explanation/security/index.md +++ b/docs/explanation/security/index.md @@ -100,6 +100,12 @@ The following information is configured to be logged: Other events, like connections and disconnections, are logged depending on the value of the charm configuration options related to them. For more information, check the configuration options with the `logging` prefix in the [configuration reference](https://charmhub.io/postgresql/configurations#logging_log_connections). +Also, all operations performed by the charm as a result of user actions — such as enabling or disabling plugins, managing TLS, creating or restoring backups, and configuring replication between clusters (asynchronous or logical) — are executed through the underlying workload components (PostgreSQL, Patroni, or pgBackRest). Consequently, these operations are recorded in the respective workload log files, which are accessible in the directories below and also forwarded to COS: + +* /var/snap/charmed-postgresql/common/var/log/patroni +* /var/snap/charmed-postgresql/common/var/log/pgbackrest +* /var/snap/charmed-postgresql/common/var/log/postgresql + No secrets are logged. ## Additional resources