POSTGRES queries logging
Description
To comply with security standards such as PCI DSS 10.2.2 (all actions taken by any
individual with root or administrative privileges), HIPAA and others, all administrator actions must be logged.
PostgreSQL has multiple options for meeting this requirement. Most companies will be satisfied with the following solution.
Solution
This method is sufficient if your application communicates with PostgreSQL as a dedicated user and you don't need to log that user's requests.
Add the following parameters to your postgresql.conf:
log_statement = 'all'                # log all requests
log_destination = 'stderr,syslog'    # log to file (if you need it) and to syslog
syslog_facility = 'LOCAL0'           # default value
Edit your rsyslog configuration:
# Remove special characters from the log (#011)
$EscapeControlCharactersOnReceive off
# Send to the remote rsyslog server
*.* @192.168.0.10:514
#### RULES ####
# Don't log locally, we'll send it to the remote server. Should be the first rule
local0.* ~
Alter the application's PostgreSQL user so that its queries are not logged:
Alter role APPUSER set log_statement to 'none';
Read log
Multi-line entries can be read with my script:
awk 'BEGIN{sqlid=""};{idcur=substr($6,2,match($6,"-")-2)};sqlid==idcur{for(i=7;i<=NF;++i)buf=buf " " $i};sqlid!=idcur{buf=buf "\n\n";print buf;sqlid=idcur;buf=$0;};END{print buf}' /var/log/sql/requests.log|grep --color user
It groups lines with the same connection ID.
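An added example (not the author's script): a Python version of the grouping step that keys each entry on host and backend PID as well as the number in the `[N-M]` field, so chunks from backends that interleave in the file are not merged into one entry. The sample lines are constructed, and the `user=` match assumes a `log_line_prefix` that includes the role name.

```python
import re

# Assumed line shape (traditional syslog format as written by rsyslog):
#   "<Mon DD HH:MM:SS> <host> postgres[<pid>]: [<N>-<M>] <text>"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\s\S+\[(?P<pid>\d+)\]:\s"
    r"\[(?P<seq>\d+)-(?P<chunk>\d+)\]\s?(?P<text>.*)$"
)
# Assumption: log_line_prefix puts "user=<role>" at the start of each entry.
USER_RE = re.compile(r"user=([^,\s]+)")

# Constructed sample: two backends (PIDs 4211 and 4302) interleaving in one file.
SAMPLE = [
    "Mar  3 10:15:02 db1 postgres[4211]: [5-1] user=admin,db=shop LOG:  statement: UPDATE accounts",
    "Mar  3 10:15:02 db1 postgres[4302]: [5-1] user=dba2,db=shop LOG:  statement: SELECT 1;",
    "Mar  3 10:15:02 db1 postgres[4211]: [5-2] \tSET balance = 0",
    "Mar  3 10:15:02 db1 postgres[4211]: [5-3] \tWHERE id = 42;",
    "Mar  3 10:15:03 db1 postgres[4211]: [6-1] user=admin,db=shop LOG:  statement: COMMIT;",
]

def reassemble(lines):
    """Join the chunks of each entry, keyed by (host, pid, N)."""
    entries = {}
    for line in lines:
        m = LINE_RE.match(line.rstrip("\n"))
        if m is None:
            continue  # skip lines that are not PostgreSQL syslog output
        key = (m["host"], int(m["pid"]), int(m["seq"]))
        entry = entries.setdefault(key, {"ts": m["ts"], "chunks": {}})
        # "#011" is the escaped tab seen when rsyslog control-character escaping is on
        entry["chunks"][int(m["chunk"])] = m["text"].replace("#011", " ").strip()
    result = []
    for (host, pid, _seq), entry in entries.items():
        text = " ".join(entry["chunks"][i] for i in sorted(entry["chunks"]))
        user = USER_RE.search(text)
        result.append({"ts": entry["ts"], "host": host, "pid": pid,
                       "user": user.group(1) if user else None, "text": text})
    return result

def statements_by(lines, role):
    """Return the reassembled entries logged for one database role."""
    return [e for e in reassemble(lines) if e["user"] == role]

if __name__ == "__main__":
    for e in statements_by(SAMPLE, "admin"):
        print(e["ts"], e["host"], e["pid"], e["text"])
```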