On Wed, 15 Jan 2025 08:54:06 +0000 Sumanth Vishwaraj <sumanth.vishwa...@oracle.com> wrote:
> Oracle Audit Vault and Database Firewall (AVDF) audits/monitors > database activities. This product helps enterprises to manage the > security posture of Oracle , PostgreSQL and other databases. > > Oracle AVDF helps customers in India comply with the Ministry of > Corporate Affairs (MCA) Guidelines > (https://www.mca.gov.in/Ministry/pdf/AuditAuditorsAmendmentRules_24032021.pdf) > As per the MCA guidelines it is mandatory to capture details of what > data was changed, when it was changed and who made the change. > > PostgreSQL generates and stores (change data capture) information in > transaction log, which is in turn read by Oracle GoldenGate and > stored in XML files. These XML files are processed by AVDF and stored > in AVDF database. Hi Sumanth - I think your question would be better suited to the general (users) list, since it's more of a "user" question. This "hackers" email list is used by developers working on Postgres internals. I think you might misunderstand Oracle's auditing features. IIUC, neither the traditional SYS.AUD$ table nor the new unified audit trail in Oracle are populated from redo, but both are populated by directly intercepting events. A common solution following a similar model in the Postgres space is pgaudit. I would suggest to start out by reading the pgaudit documentation here: https://github.com/pgaudit/pgaudit/blob/main/README.md Pgaudit is an "extension" that's installed separately and added on to Postgres, with its own distinct group of maintainers. I'm not sure if it has a dedicated forum for questions and discussion, but I'm sure you could ask questions on the community Postgres slack, IRC, telegram, and other popular online Postgres community forums. I don't know if it would be considered out of place to ask questions about pgaudit on the pgsql-general list (because it's an extension and doesn't come from postgresql.org) but I am sure there are a lot of pgaudit users here, so questions might be ok over on the general (users) mailing list. There are a lot of people (including my company) using Postgres in regulated industries around the world and it has robust capabilites to meet regulations. Oracle is a great database too. Good luck with your project! -Jeremy
