From ea1591cc9f9ab2cd52fcd513e96a080f62201cf9 Mon Sep 17 00:00:00 2001 From: Marcelo Henrique Neppel Date: Wed, 22 Oct 2025 13:31:17 -0300 Subject: [PATCH] Update event security logs documentation regarding logging charm operations Signed-off-by: Marcelo Henrique Neppel --- docs/.custom_wordlist.txt | 1 + docs/explanation/security/index.md | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/docs/.custom_wordlist.txt b/docs/.custom_wordlist.txt index 29b2e2d16b..aa010a36b2 100644 --- a/docs/.custom_wordlist.txt +++ b/docs/.custom_wordlist.txt @@ -87,6 +87,7 @@ Nextcloud otf Parca Parca's +patroni Patroni patronictl performant diff --git a/docs/explanation/security/index.md b/docs/explanation/security/index.md index 47fe58a5e0..e4667a1979 100644 --- a/docs/explanation/security/index.md +++ b/docs/explanation/security/index.md @@ -100,6 +100,12 @@ The following information is configured to be logged: Other events, like connections and disconnections, are logged depending on the value of the charm configuration options related to them. For more information, check the configuration options with the `logging` prefix in the [configuration reference](https://charmhub.io/postgresql/configurations#logging_log_connections). +Also, all operations performed by the charm as a result of user actions — such as enabling or disabling plugins, managing TLS, creating or restoring backups, and configuring replication between clusters (asynchronous or logical) — are executed through the underlying workload components (PostgreSQL, Patroni, or pgBackRest). Consequently, these operations are recorded in the respective workload log files, which are accessible in the directories below and also forwarded to COS: + +* /var/snap/charmed-postgresql/common/var/log/patroni +* /var/snap/charmed-postgresql/common/var/log/pgbackrest +* /var/snap/charmed-postgresql/common/var/log/postgresql + No secrets are logged. ## Additional resources