Audit 'truncate table' statements only #43

Closed
ksiddi01 opened this issue Jan 25, 2018 · 6 comments

@ksiddi01

I have a need to audit 'truncate table' statements without INSERT, UPDATE and DELETE.

Any help to accomplish this will be very much appreciated.

Thanks.

@dwsteele dwsteele self-assigned this Mar 5, 2018
@dwsteele
Contributor

dwsteele commented Mar 5, 2018

Truncate is included in the WRITE class: https://github.com/pgaudit/pgaudit#pgauditlog. Object logging is not possible with truncate.

@ksiddi01
Author

ksiddi01 commented Mar 6, 2018

Is there a way to update the code so that WRITE is 'truncate table' only?

@dwsteele
Contributor

dwsteele commented Mar 6, 2018

That would be an interface break, so no. It's possible that it could be added to a new class but that would not happen until PG11 as we don't add features to past versions. I am not in favor since truncate would then be in two classes.

Thoughts @sfrost, @jconway?

@ksiddi01
Author

Here is the issue I am trying to resolve. WRITE includes INSERT, UPDATE, DELETE, TRUNCATE, and COPY. We would like to audit TRUNCATE only. INSERT, UPDATE and DELETE will generate many audit logs and TRUNCATE is not very common. Any recommendation for auditing TRUNCATE only? Is it permissible/recommended to modify the code for local use? If it is, can I have WRITE for TRUNCATE only?

@simonat2ndQuadrant

simonat2ndQuadrant commented Mar 10, 2018 via email

@dwsteele
Contributor

> ISTM that we could add many new classes that match the first keyword of a command. i.e. Allow INSERT, UPDATE, DELETE, TRUNCATE, COPY as individual classes. That would give a much finer grained ability to filter and would be easy enough to implement.

This seems like a reasonable idea.

> > we don't add features to past versions.
>
> Surely that is the benefit of an extension?

Generally, yes, but the goal is to keep pgaudit as stable as possible so we have only been back-patching bug fixes, in the model of Postgres core.

This would be a non-trivial change. All commands are now assigned to a single class so a number of places in the code would need to be touched to allow a command in two classes and log it appropriately. I don't see this as an important enough feature to be worth the risk.

> > I am not in favor since truncate would then be in two classes.
>
> I don't see why that would cause a problem as long as it is documented.

Fair enough.

I would be open to a patch to implement this functionality but don't have time to spend on it myself.

@dwsteele dwsteele closed this as completed Oct 3, 2018
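
Added example, not part of the issue thread or of pgaudit's own code: since the thread leaves TRUNCATE inside the WRITE class, one way to get a TRUNCATE-only view is to filter the audit entries after they are logged. It assumes the comma-separated entry layout from the pgaudit README (class in the fourth field, command in the fifth), the `TRUNCATE TABLE` command tag, single-line statements, and constructed sample log lines.

```python
import csv
import io

# Field order assumed from the pgaudit README audit-entry format.
FIELDS = ("audit_type", "statement_id", "substatement_id", "class",
          "command", "object_type", "object_name", "statement", "parameter")
MARKER = "AUDIT: "

# Constructed sample log lines (not taken from the issue thread).
SAMPLE_LOG = """\
2018-03-06 10:00:01 UTC LOG:  AUDIT: SESSION,1,1,WRITE,INSERT,,,"insert into orders values (1, 'a,b')",<not logged>
2018-03-06 10:00:02 UTC LOG:  AUDIT: SESSION,2,1,WRITE,UPDATE,,,update orders set note = 'truncate table later',<not logged>
2018-03-06 10:00:03 UTC LOG:  AUDIT: SESSION,3,1,WRITE,TRUNCATE TABLE,,,truncate table orders,<not logged>
2018-03-06 10:00:04 UTC LOG:  connection received: host=[local]
2018-03-06 10:00:05 UTC LOG:  AUDIT: SESSION,4,1,WRITE,DELETE,,,delete from orders,<not logged>
2018-03-06 10:00:06 UTC LOG:  AUDIT: SESSION,5,1,WRITE,TRUNCATE TABLE,,,"TRUNCATE audit_a, audit_b",<not logged>
"""


def parse_audit_line(line):
    """Return a dict for a pgaudit entry, or None for any other log line."""
    pos = line.find(MARKER)
    if pos < 0:
        return None
    # The entry is CSV: statements containing commas or quotes are quoted.
    row = next(csv.reader(io.StringIO(line[pos + len(MARKER):])), None)
    if row is None or len(row) != len(FIELDS):
        return None  # malformed or multi-line statement; not handled here
    return dict(zip(FIELDS, row))


def truncate_events(lines):
    """Keep only WRITE-class entries whose COMMAND field is TRUNCATE TABLE."""
    events = []
    for line in lines:
        entry = parse_audit_line(line.rstrip("\n"))
        # Match on the command field, never on the statement text, so an
        # UPDATE that merely mentions "truncate table" is not reported.
        if entry and entry["class"] == "WRITE" and entry["command"] == "TRUNCATE TABLE":
            events.append(entry)
    return events


if __name__ == "__main__":
    for e in truncate_events(SAMPLE_LOG.splitlines()):
        print(e["statement_id"], e["statement"])
```

This narrows what is reviewed or forwarded to alerting; the server still writes every WRITE-class entry to its log.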