Aiven for PostgreSQL® audit logging

The path to optimal data security, compliance, incident management, and system performance starts with collecting robust audit logs.

About audit logging

The audit logging feature allows you to monitor and track activities within relational database systems, such as Aiven for PostgreSQL®. Learn about multiple applications of this feature in Why use audit logging.

Why use audit logging

Data Security

• Monitor user activities to identify unusual or suspicious behavior
• Detect unauthorized access attempts to critical data or systems
• Identify intrusion attempts or unauthorized activities within the organization's IT environment

Compliance

• Use audit logs as regulatory compliance evidence to demonstrate that the organization meets industry or state regulations during audits
• Track access to sensitive data to comply with data privacy regulations

Accountability

• Have specific actions attributed to individual users to hold them accountable for their activities within the system
• Track changes to databases and systems to hold users accountable for alterations or configurations

Operational security

• Proactively identify and resolve security incidents
• Detect and respond to potential security threats

Incident management and root cause analysis

• Investigate an incident with a detailed trail of events leading up to it
• Analyze the root cause of an incident with audit logs providing data on actions and events that may have led to the incident

System performance optimization

• Monitor and analyze system performance to identify bottlenecks
• Analyzing audit logs to assess resource utilization patterns and optimize the system configuration

Data recovery and disaster planning

• Use audit logs for data restoration in case of data loss or system failure
• Analyze audit logs to improve system resilience and disaster planning strategies by identifying potential points of failure

Change management and version control

• Use audit logs to keep a record of changes made to databases, software, and configurations, ensuring proper version control

Use cases

The audit logging feature has application in the following industries:

• Finance and banking

  Ensuring compliance with regulatory requirements, tracking financial transactions, and detecting fraudulent activities

• Healthcare

  Maintaining the confidentiality and integrity of patient records as well as complying with privacy regulations

• Government and public sector

  Tracking changes in critical systems, securing sensitive data, and meeting legal and regulatory requirements

• Information technology (IT) and software companies

  Monitoring access to the systems, tracking software changes, and identifying potential security breaches

• Retail and e-commerce

  Tracking customer data, transactions, and inventory management to ensure data integrity and prevent unauthorized access

• Manufacturing

  Tracking changes to production processes, monitoring equipment performance, and maintaining data integrity for quality control

• Education

  Protecting sensitive student data, tracking changes to academic records, and monitoring system access for security purposes

Limitations

Aiven for PostgreSQL® audit logging requires the following:

• Aiven for PostgreSQL version 11 or later
• avnadmin superuser role
• psql for advanced configuration

How it works

Activation with predefined settings

To use the audit logging on your service (database) for collecting logs in Aiven for PostgreSQL, enable and configure this feature using the Aiven Console, the Aiven CLI, or psql.

Configuration options

When enabled on your service, the audit logging can be configured to match your use case. Audit logging parameters for fine-tuning the feature are the following:

• pgaudit.log (default: none) Classes of statements to be logged by the session audit logging

• pgaudit.log_catalog (default: on) Whether the session audit logging should be enabled for a statement with all relations in pg_catalog

• pgaudit.log_client Whether log messages should be visible to a client process, such as psql

• pgaudit.log_level Log level that should be used for log entries

• pgaudit.log_parameter (default: off) Whether audit logs should include the parameters passed with the statement

• pgaudit.log_parameter_max_size Maximum size (in bytes) of a parameter's value that can be logged

• pgaudit.log_relation (default: off) Whether a separate log entry for each relation (for example, TABLE or VIEW) referenced in a SELECT or DML statement should be created

• pgaudit.log_rows Whether the audit logging should include the rows retrieved or affected by a statement with the rows field located after the parameter field

• pgaudit.log_statement (default: on) Whether the audit logging should include the statement text and parameters

• pgaudit.log_statement_once (default: off) Whether the audit logging should include the statement text and parameters in the first log entry for a statement/sub-statement combination as opposed to including them in all the entries

• pgaudit.role Master role to use for an object audit logging

Full list of audit logging parameters

For information on all the configuration parameters, preview Settings.

Collecting and visualizing logs

You can access your collected audit logs either directly in the log output of your Aiven for PostgreSQL service or by integrating with another service that allows monitoring and analyzing logs, such as Aiven for OpenSearch®. To visualize your audit logs, you can use OpenSearch Dashboards.

Disabling audit logging

To disable the audit logging on your service (database), modify your service's advanced configuration with the Aiven Console, the Aiven CLI, or psql.

What's next

Set up the audit logging on your Aiven for PostgreSQL service and start collecting audit logs.