Hello,
I have installed pgaudit on top of Postgres 15 with Patroni, using the Percona repo. Exact version:
[postgres@percona1 patroni]$ /usr/pgsql-15/bin/postgres -V
postgres (PostgreSQL) 15.2 - Percona Distribution
[postgres@percona1 patroni]$ rpm -qa | grep -i pgaudit
percona-pgaudit-1.7.0-3.el8.x86_64
Related settings in PostgreSQL, from the Patroni yaml:
postgresql:
listen: ...
parameters:
...
log_destination: 'stderr,csvlog'
log_filename: 'postgresql-%Y%m%d.log'
log_line_prefix: '%m - Process=[%p], Application=[%a], User=[%u]@[%r]/[%d], SessionID=[%c], Session start=[%s]: '
log_min_duration_statement: 1000ms
log_min_duration_sample: 250ms
log_statement_sample_rate: 0.5
log_statement: 'ddl'
log_checkpoints: on
log_connections: on
log_disconnections: on
log_duration: on
log_lock_waits: on
...
pgaudit.log: all
pgaudit.log_catalog: off
pgaudit.log_parameter: on
pgaudit.log_directory: 'log'
pgaudit.log_filename: 'audit-%Y%m%d.csv'
pgaudit.log_rotation_age: 1d
pgaudit.log_connections: on
pgaudit.log_disconnections: on
I noticed that in the output CSV files, there are varying number of empty columns (commas). According to the pgaudit documentation (GitHub - pgaudit/pgaudit: PostgreSQL Audit Extension), the last column should be the statement parameters, which is mostly <none> for me. However there are some additional commas after that and I’m not sure where those come from. As far as I can tell, the very last column is the application name which executed the statement.
Some examples:
A pg_catalog related query ran by Patroni:
,<none>,,,,,,,,,Patroni
Something I ran manually from PgAdmin:
,<none>,,,,,,,,,pgAdmin 4 - CONN:1205219 - 10.x.x.x:49240
An anonymous block that I executed also from PgAdmin, with an internal procedure call, here there are two log lines:
,<none>,,,,,,,,,pgAdmin 4 - CONN:1205219 - 10.x.x.x:49240
,<none>,,,,,SQL statement "call test_proc(v_param1, v_param2)"
I also see that the amount of empty columns (commas) differs from line to line, which seems to go against the CSV format…