
Audit Logging


Gearing up for my next YFTT presentation next month. It will be on fuzzy matching, a chance to show off some neat string search features.

Meanwhile, here’s the deck for my last YFTT. The topic was audit logging.

https://info.yugabyte.com/hubfs/YFTT%20Slide%20Decks/2022_12_02_YFTT_Valerie%20Parham-Thompson_Audit%20Logging%20in%20YugabyteDB.pdf

Audit logging is just one of the security features available in YugabyteDB. You can use it to tell you the “who, what, when, where” of actions on your systems. The logs can then be sent to a log analysis system for archiving and correlation with other logs.

First, configure the log_line_prefix. This will change the format of basic logging. Here’s a configuration I like to use:

--ysql_pg_conf_csv="log_line_prefix='%m [%p %l %c] %q[%C %R %Z %H] [%r%a %u %d] '"

The parameters are similar to those of Postgres, with the addition of %H, %C, %R, and %Z to add host, cloud, region, and zone information relevant to distributed systems.

The pgaudit library is bundled with YugabyteDB, so you just need to issue the “create extension” command. Following is the configuration I recommend.

 set pgaudit.log='all, -misc';
 set pgaudit.log_parameter=on;
 set pgaudit.log_relation=on;
 set pgaudit.log_catalog=off;

Once you have it up and running, you’ll see more detailed info, like this:

2022-11-28 16:02:29.491 UTC [30832 13 6384d90c.7870] [gcp us-east1 us-east1-c yb-demo-parham-audit8-n1] [10.204.0.60(56986) ysqlsh yugabyte yugabyte] LOG:  AUDIT: SESSION,3,1,READ,SELECT,TABLE,public.milliontable,select * from milliontable limit 10;,<none>
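
One way to split these entries into the "who, what, when, where" fields before sending them to a log analysis system, as an added example that is not from the original post or from YugabyteDB. It assumes the log_line_prefix above with a space between the %r and %a values (as in the sample output) and the pgaudit field order without the optional rows column; the names used and the second sample line are constructed for illustration.

```python
import csv
import re

# Regex for the log_line_prefix shown above:
#   '%m [%p %l %c] %q[%C %R %Z %H] [%r%a %u %d] '
PREFIX = re.compile(
    r"^(?P<ts>\S+ \S+ \S+) "
    r"\[(?P<pid>\d+) (?P<line_no>\d+) (?P<session>\S+)\] "
    r"\[(?P<cloud>\S+) (?P<region>\S+) (?P<zone>\S+) (?P<host>[^\s\]]+)\] "
    r"\[(?P<remote>[^\s(]+\(\d+\))\s?(?P<app>.*?) (?P<user>\S+) (?P<db>[^\s\]]+)\] "
    r"LOG:\s+AUDIT:\s*(?P<audit>.*)$",
    re.DOTALL,
)
# Field order of a pgaudit record (assumes the rows column is not enabled).
AUDIT_FIELDS = ("audit_type", "statement_id", "substatement_id", "class",
                "command", "object_type", "object_name", "statement", "parameter")

def parse_audit_line(line):
    """Return a dict for an AUDIT entry, or None for any other log line."""
    m = PREFIX.match(line.strip())
    if m is None:
        return None
    # pgaudit writes CSV, so a statement containing commas arrives quoted;
    # csv.reader handles that where a plain split(",") would not.
    values = next(csv.reader([m.group("audit")]))
    if len(values) != len(AUDIT_FIELDS):
        return None
    rec = m.groupdict()
    del rec["audit"]
    rec.update(zip(AUDIT_FIELDS, values))
    return rec

PFX = ("2022-11-28 16:02:29.491 UTC [30832 13 6384d90c.7870] "
       "[gcp us-east1 us-east1-c yb-demo-parham-audit8-n1] "
       "[10.204.0.60(56986) ysqlsh yugabyte yugabyte] LOG:  AUDIT: ")
# The sample record from this post, written on one line.
SAMPLE_READ = PFX + ("SESSION,3,1,READ,SELECT,TABLE,public.milliontable,"
                     "select * from milliontable limit 10;,<none>")
# Constructed record: the statement contains a comma, so it is quoted.
SAMPLE_DDL = PFX + ('SESSION,4,1,DDL,CREATE TABLE,TABLE,public.t1,'
                    '"create table t1 (id int, v text);",<none>')

if __name__ == "__main__":
    for sample in (SAMPLE_READ, SAMPLE_DDL):
        r = parse_audit_line(sample)
        print(r["ts"], r["user"], r["remote"], r["class"], r["object_name"], r["statement"])
```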

Check out the deck to see some of the results of the demo, in these areas:

  • create table
  • create user with grants
  • change user password
  • simple insert
  • simple read
  • create table as select
  • add indexes
  • read with joins
  • prepared statement
  • cte
  • function
  • create view
  • select from view
  • truncate table
  • transactions

My next YFTT session will be June 2, 2023. It will be on LinkedIn Live.

Author: Valerie Parham-Thompson
