Robert, all,
* Robert Haas (robertmh...@gmail.com) wrote:
> On Mon, May 11, 2015 at 9:07 PM, David Steele wrote:
> > The attached v12 patch removes the code that became redundant with
> > Alvaro committing the event trigger/deparse work. I've updated the
> > regression tests to reflect the chang
On Mon, May 11, 2015 at 9:07 PM, David Steele wrote:
> On 5/1/15 5:58 AM, Sawada Masahiko wrote:
>> For now, since pg_audit patch has a pg_audit_ddl_command_end()
>> function which uses part of un-committed "deparsing utility commands"
>> patch API,
>> pg_audit patch is completely depend on that p
On Thu, May 7, 2015 at 03:41:13PM -0400, Stephen Frost wrote:
> Bruce,
> > What is our history of doing things in contrib because we are not sure
> > what we want, then moving it into core? My general recollection is that
> > there is usually something in the contrib version we don't want to add
Peter,
* Peter Eisentraut (pete...@gmx.net) wrote:
> On 5/7/15 10:26 AM, Stephen Frost wrote:
> > Auditing is about "what happened" whereas
> > statement logging is "log whatever statement the user sent." pgAudit
> > bears this out by logging internal SQL statements and object
> > information, un
On 5/7/15 10:26 AM, Stephen Frost wrote:
> Auditing is about "what happened" whereas
> statement logging is "log whatever statement the user sent." pgAudit
> bears this out by logging internal SQL statements and object
> information, unlike what we do with statement logging today.
I don't think t
Bruce,
* Bruce Momjian (br...@momjian.us) wrote:
> On Thu, May 7, 2015 at 10:26:55AM -0400, Stephen Frost wrote:
> > * Peter Eisentraut (pete...@gmx.net) wrote:
> > > On 5/4/15 8:37 PM, Stephen Frost wrote:
> > > > I don't follow this logic. The concerns raised above are about changing
> > > > o
On Thu, May 7, 2015 at 10:26:55AM -0400, Stephen Frost wrote:
> * Peter Eisentraut (pete...@gmx.net) wrote:
> > On 5/4/15 8:37 PM, Stephen Frost wrote:
> > > I don't follow this logic. The concerns raised above are about changing
> > > our in-core logging. We haven't got in-core auditing and so
On 5/7/15 8:26 AM, Stephen Frost wrote:
> * Peter Eisentraut (pete...@gmx.net) wrote:
>> On 5/4/15 8:37 PM, Stephen Frost wrote:
>>> I don't follow this logic. The concerns raised above are about changing
>>> our in-core logging. We haven't got in-core auditing and so I don't see
>>> how they app
* Peter Eisentraut (pete...@gmx.net) wrote:
> On 5/4/15 8:37 PM, Stephen Frost wrote:
> > I don't follow this logic. The concerns raised above are about changing
> > our in-core logging. We haven't got in-core auditing and so I don't see
> > how they apply to it.
>
> How is session "auditing" su
On 5/4/15 8:37 PM, Stephen Frost wrote:
> I don't follow this logic. The concerns raised above are about changing
> our in-core logging. We haven't got in-core auditing and so I don't see
> how they apply to it.
How is session "auditing" substantially different from statement logging?
I think i
* Peter Eisentraut (pete...@gmx.net) wrote:
> On 5/4/15 3:00 PM, Stephen Frost wrote:
> > One particular advantage of having the extension is that having it
> > doesn't impact existing users of the in-core logging system. I don't
> > recall any specific proposals for improving the in-core logging
On 5/4/15 3:00 PM, Stephen Frost wrote:
> One particular advantage of having the extension is that having it
> doesn't impact existing users of the in-core logging system. I don't
> recall any specific proposals for improving the in-core logging system
> to add the capabilities for session logging
* Peter Eisentraut (pete...@gmx.net) wrote:
> On 4/30/15 6:05 AM, Fujii Masao wrote:
> > The specification of "session audit logging" seems to be still unclear to
> > me.
>
> As I had mentioned previously, I would prefer session audit logging to
> be integrated with the normal statement logging c
On 4/30/15 6:05 AM, Fujii Masao wrote:
> The specification of "session audit logging" seems to be still unclear to me.
As I had mentioned previously, I would prefer session audit logging to
be integrated with the normal statement logging configuration.
--
Sent via pgsql-hackers mailing list (pg
On 5/1/15 5:58 AM, Sawada Masahiko wrote:
> On Fri, May 1, 2015 at 6:24 AM, David Steele wrote:
>>
>> May 15th is the feature freeze, so that does give a little time. It's
>> not clear to me what a "self-contained" part of the patch would be. If
>> you have specific ideas on what could be broken
On Fri, May 1, 2015 at 6:24 AM, David Steele wrote:
> On 4/30/15 6:05 AM, Fujii Masao wrote:
>> On Thu, Apr 30, 2015 at 12:57 PM, Sawada Masahiko
>> wrote:
>>>
>>> I have changed the status this to "Ready for Committer".
>>
>> The specification of "session audit logging" seems to be still unclea
On Thu, Apr 30, 2015 at 12:57 PM, Sawada Masahiko wrote:
> On Wed, Apr 29, 2015 at 12:17 AM, David Steele wrote:
>> On 4/28/15 2:14 AM, Sawada Masahiko wrote:
>>> On Fri, Apr 24, 2015 at 3:23 AM, David Steele wrote:
I've also added some checking to make sure that if anything looks funny
>>>
On Wed, Apr 29, 2015 at 12:17 AM, David Steele wrote:
> On 4/28/15 2:14 AM, Sawada Masahiko wrote:
>> On Fri, Apr 24, 2015 at 3:23 AM, David Steele wrote:
>>> I've also added some checking to make sure that if anything looks funny
>>> on the stack an error will be generated.
>>>
>>> Thanks for th
On 4/28/15 2:14 AM, Sawada Masahiko wrote:
> On Fri, Apr 24, 2015 at 3:23 AM, David Steele wrote:
>> I've also added some checking to make sure that if anything looks funny
>> on the stack an error will be generated.
>>
>> Thanks for the feedback!
>>
>
> Thank you for updating the patch!
> I ran
On Fri, Apr 24, 2015 at 3:23 AM, David Steele wrote:
> On 4/23/15 5:49 AM, Sawada Masahiko wrote:
>>
>> I'm concerned that behaviour of pg_audit has been changed at a few
>> times as far as I remember. Did we achieve consensus on this design?
>
> The original author Abhijit expressed support for t
On Mon, Apr 20, 2015 at 10:17 PM, David Steele wrote:
> On 4/20/15 4:40 AM, Sawada Masahiko wrote:
>>
>> Thank you for updating the patch.
>>
>> One question about regarding since v7 (or later) patch is;
>> What is the different between OBJECT logging and SESSION logging?
>
> In brief, session log
On 4/20/15 4:40 AM, Sawada Masahiko wrote:
>
> Thank you for updating the patch.
>
> One question about regarding since v7 (or later) patch is;
> What is the different between OBJECT logging and SESSION logging?
In brief, session logging can log anything that happens in a user
session while obje
On Thu, Apr 16, 2015 at 2:34 AM, David Steele wrote:
> On 4/15/15 11:30 AM, Sawada Masahiko wrote:
>> On Wed, Apr 15, 2015 at 10:52 AM, Sawada Masahiko
>> wrote:
>>> I tested v8 patch with CURSOR case I mentioned before, and got
>>> segmentation fault again.
>>> Here are log messages in my envir
On 4/14/15 8:37 PM, Tatsuo Ishii wrote:
> BTW, in my understanding pg_audit allows to track a table access even
> if it's used in a view. I think this is a nice feature and it would be
> better explicitly stated in the document and the test case is better
> included in the regression test.
>
> Her
On Wed, Apr 15, 2015 at 10:52 AM, Sawada Masahiko wrote:
> On Wed, Apr 15, 2015 at 8:57 AM, David Steele wrote:
>> On 4/14/15 7:13 PM, Tatsuo Ishii wrote:
>>> This patch does not apply cleanly due to the moving of pgbench (patch
>>> to filelist.sgml failed).
>>
>> Thank you for pointing that out!
On Wed, Apr 15, 2015 at 8:57 AM, David Steele wrote:
> On 4/14/15 7:13 PM, Tatsuo Ishii wrote:
>> This patch does not apply cleanly due to the moving of pgbench (patch
>> to filelist.sgml failed).
>
> Thank you for pointing that out!
>
> Ironic that it was the commit directly after the one I was t
> Thank you for pointing that out!
>
> Ironic that it was the commit directly after the one I was testing with
> that broke the patch. It appears the end of the last CF is a very bad
> time to be behind HEAD.
>
> Fixed in attached v8 patch.
Thank you for your quick response.
BTW, in my underst
On 4/14/15 7:13 PM, Tatsuo Ishii wrote:
> This patch does not apply cleanly due to the moving of pgbench (patch
> to filelist.sgml failed).
Thank you for pointing that out!
Ironic that it was the commit directly after the one I was testing with
that broke the patch. It appears the end of the las
This patch does not apply cleanly due to the moving of pgbench (patch
to filelist.sgml failed).
Best regards,
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp
> Attached is the v7 pg_audit patch.
>
> I've tried to address Peter's
On 4/6/15 5:03 PM, Alvaro Herrera wrote:
> Simon Riggs wrote:
>
>> The present version can trigger an audit trail event for a statement,
>> without tracking the object that was being audited. This prevents you
>> from searching for "all SQL that touches table X", i.e. we know the
>> statements wer
On 6 April 2015 at 20:38, David Steele wrote:
>> The earlier version of pg_audit generated different output.
>> Specifically, it allowed you to generate output for each object
>> tracked; one line per object.
That discussion covers recursive SQL. That is important too, but not
what I am saying.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 4/6/15 4:47 PM, Simon Riggs wrote:
> On 6 April 2015 at 16:34, Peter Eisentraut
> wrote:
>> "Audit" is a "big word". It might imply regulatory or standards
>> compliance on some level. We already have ways to log
>> everything. If customers w
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 4/6/15 4:34 PM, Peter Eisentraut wrote:
> On 2/14/15 9:34 PM, David Steele wrote:
>> The patch I've attached satisfies the requirements that I've had
>> from customers in the past.
>
> What I'm missing is a more precise description/documentation
Simon Riggs wrote:
> The present version can trigger an audit trail event for a statement,
> without tracking the object that was being audited. This prevents you
> from searching for "all SQL that touches table X", i.e. we know the
> statements were generated, but not which ones they were. IMHO t
On 6 April 2015 at 16:34, Peter Eisentraut wrote:
> On 2/14/15 9:34 PM, David Steele wrote:
>> The patch I've attached satisfies the requirements that I've had from
>> customers in the past.
>
> What I'm missing is a more precise description/documentation of what
> those requirements might be.
>
>
On 2/14/15 9:34 PM, David Steele wrote:
> The patch I've attached satisfies the requirements that I've had from
> customers in the past.
What I'm missing is a more precise description/documentation of what
those requirements might be.
"Audit" is a "big word". It might imply regulatory or standar
On 4/6/15 8:40 AM, Sawada Masahiko wrote:
> On Fri, Apr 3, 2015 at 10:01 PM, David Steele wrote:
>> On 4/3/15 3:59 AM, Sawada Masahiko wrote:
>>> On Thu, Apr 2, 2015 at 2:46 AM, David Steele wrote:
Let me know if you see any other issues.
>>>
>>> I pulled HEAD, and then tried to compile
On Fri, Apr 3, 2015 at 10:01 PM, David Steele wrote:
> On 4/3/15 3:59 AM, Sawada Masahiko wrote:
>> On Thu, Apr 2, 2015 at 2:46 AM, David Steele wrote:
>>> Let me know if you see any other issues.
>>>
>>
>> I pulled HEAD, and then tried to compile source code after applied
>> following "deparsing
On Fri, Apr 3, 2015 at 10:01 PM, David Steele wrote:
> On 4/3/15 3:59 AM, Sawada Masahiko wrote:
>> On Thu, Apr 2, 2015 at 2:46 AM, David Steele wrote:
>>> Let me know if you see any other issues.
>>>
>>
>> I pulled HEAD, and then tried to compile source code after applied
>> following "deparsing
On 4/3/15 3:59 AM, Sawada Masahiko wrote:
> On Thu, Apr 2, 2015 at 2:46 AM, David Steele wrote:
>> Let me know if you see any other issues.
>>
>
> I pulled HEAD, and then tried to compile source code after applied
> following "deparsing utility command patch" without #0001 and #0002.
> (because t
On Thu, Apr 2, 2015 at 2:46 AM, David Steele wrote:
> Hi Sawada,
>
> On 3/25/15 9:24 AM, David Steele wrote:
>> On 3/25/15 7:46 AM, Sawada Masahiko wrote:
>>> 2.
>>> I got ERROR when executing function uses cursor.
>>>
>>> 1) create empty table (hoge table)
>>> 2) create test function as follows.
On 3/23/15 12:40 PM, David Steele wrote:
> On 3/23/15 1:31 AM, Abhijit Menon-Sen wrote:
>> I'm experimenting with a few approaches to do this without reintroducing
>> switch statements to test every command. That will require core changes,
>> but I think we can find an acceptable arrangement. I'll
Hi Sawada,
On 3/25/15 9:24 AM, David Steele wrote:
> On 3/25/15 7:46 AM, Sawada Masahiko wrote:
>> 2.
>> I got ERROR when executing function uses cursor.
>>
>> 1) create empty table (hoge table)
>> 2) create test function as follows.
>>
>> create function test() returns int as $$
>> declare
>>
On 3/25/15 7:46 AM, Sawada Masahiko wrote:
> On Wed, Mar 25, 2015 at 12:23 PM, David Steele wrote:
>>> On Wed, Mar 25, 2015 at 12:38 AM, David Steele wrote:
> 2. OBJECT auditing does not work before adding acl info to
> pg_class.rel_acl.
> In following situation, pg_audit can not aud
On Wed, Mar 25, 2015 at 12:23 PM, David Steele wrote:
>> On Wed, Mar 25, 2015 at 12:38 AM, David Steele wrote:
2. OBJECT auditing does not work before adding acl info to
pg_class.rel_acl.
In following situation, pg_audit can not audit OBJECT log.
$ cat postgresql.conf | grep
> On Wed, Mar 25, 2015 at 12:38 AM, David Steele wrote:
>>> 2. OBJECT auditing does not work before adding acl info to pg_class.rel_acl.
>>> In following situation, pg_audit can not audit OBJECT log.
>>> $ cat postgresql.conf | grep audit
>>> shared_preload_libraries = 'pg_audit'
>>> pg_audit.role
Hi David,
Thank you for your answer!
On Wed, Mar 25, 2015 at 12:38 AM, David Steele wrote:
> Hi Sawada,
>
> Thank you for taking the time to look at the patch.
>
> On 3/24/15 10:28 AM, Sawada Masahiko wrote:
>> I've applied these patchese successfully.
>>
>> I looked into this module, and had a
Hi Sawada,
Thank you for taking the time to look at the patch.
On 3/24/15 10:28 AM, Sawada Masahiko wrote:
> I've applied these patchese successfully.
>
> I looked into this module, and had a few comments as follows.
> 1. pg_audit audits only one role currently.
> In currently code, we can not m
On Tue, Mar 24, 2015 at 3:17 AM, Alvaro Herrera
wrote:
> Sawada Masahiko wrote:
>
>> I tied to look into latest patch, but got following error.
>>
>> masahiko [pg_audit] $ LANG=C make
>> gcc -Wall -Wmissing-prototypes -Wpointer-arith
>> -Wdeclaration-after-statement -Wendif-labels
>> -Wmissing-for
Sawada Masahiko wrote:
> I tied to look into latest patch, but got following error.
>
> masahiko [pg_audit] $ LANG=C make
> gcc -Wall -Wmissing-prototypes -Wpointer-arith
> -Wdeclaration-after-statement -Wendif-labels
> -Wmissing-format-attribute -Wformat-security -fno-strict-aliasing
> -fwrapv -
On 3/23/15 1:39 PM, Sawada Masahiko wrote:
> On Tue, Mar 24, 2015 at 1:40 AM, David Steele wrote:
>>
>> I have prepared a patch that brings event triggers and deparse back to
>> pg_audit based on the Alvaro's dev/deparse branch at
>> git://git.postgresql.org/git/2ndquadrant_bdr.git (commit 0447fc5
On Tue, Mar 24, 2015 at 1:40 AM, David Steele wrote:
> Thanks for the review, Abhijit.
>
> On 3/23/15 1:31 AM, Abhijit Menon-Sen wrote:
>> At 2015-02-24 11:22:41 -0500, da...@pgmasters.net wrote:
>>>
>>> Patch v3 is attached.
>>> +
>>> +/* Function execution */
>>> +LOG_MISC = (1 << 5),
>>
Thanks for the review, Abhijit.
On 3/23/15 1:31 AM, Abhijit Menon-Sen wrote:
> At 2015-02-24 11:22:41 -0500, da...@pgmasters.net wrote:
>>
>> Patch v3 is attached.
>> +
>> +/* Function execution */
>> +LOG_MISC = (1 << 5),
>
> The comment above LOG_MISC should be changed.
Fixed.
> More
At 2015-02-24 11:22:41 -0500, da...@pgmasters.net wrote:
>
> Patch v3 is attached.
>
> […]
>
> +/* Log class enum used to represent bits in auditLogBitmap */
> +enum LogClass
> +{
> + LOG_NONE = 0,
> +
> + /* SELECT */
> + LOG_READ = (1 << 0),
> +
> + /* INSERT, UPDATE, DELETE, TRUN
On 2/23/15 10:59 AM, David Steele wrote:
> On 2/17/15 10:34 AM, Stephen Frost wrote:
>> There seems to be a number of places which are 'pgaudit' and a bunch
>> that are 'pg_audit'. I'm guessing you were thinking 'pg_audit', but
>> it'd be good to clean up and make them all consistent.
>
> Fixed,
Hi Stephen,
Thanks for your review. All fixed except for comments below:
On 2/17/15 10:34 AM, Stephen Frost wrote:
>> +/*
>> + * Check privileges granted indirectly via role memberships. We do this
>> in
>> + * a separate pass to minimize expensive indirect membership tests. In
>>
On 2/18/15 8:25 AM, Simon Riggs wrote:
> On 15 February 2015 at 02:34, David Steele wrote:
>
>> I've posted a couple of messages over the last few weeks about the work
>> I've been doing on the pg_audit extension. The lack of response could
>> be due to either universal acclaim or complete apath
On 15 February 2015 at 02:34, David Steele wrote:
> I've posted a couple of messages over the last few weeks about the work
> I've been doing on the pg_audit extension. The lack of response could
> be due to either universal acclaim or complete apathy, but in any case I
> think this is a very im
David,
I've CC'd Abhijit, the original author of pgaudit, as it seems likely
he'd also be interested in this.
* David Steele (da...@pgmasters.net) wrote:
> I've posted a couple of messages over the last few weeks about the work
> I've been doing on the pg_audit extension. The lack of response co
I've posted a couple of messages over the last few weeks about the work
I've been doing on the pg_audit extension. The lack of response could
be due to either universal acclaim or complete apathy, but in any case I
think this is a very important topic so I want to give it another try.
I've extens
60 matches
Mail list logo
