All Products
Search
Document Center

ApsaraDB RDS:Use the pgAudit extension to generate audit logs

Last Updated:Dec 04, 2024

This topic describes how to use the pgAudit extension to generate audit logs for an ApsaraDB RDS for PostgreSQL instance in compliance with public service, financial, or ISO requirements. Audit logs help you analyze faults and operations on your RDS instance to obtain information about data queries.

Prerequisites

  • Your RDS instance meets the following requirements:

    • The RDS instance runs PostgreSQL 10 or later.

    • The minor engine version of your RDS instance is 20210531 or later. For more information about how to view and update the minor engine version of an RDS instance, see Update the minor engine version.

  • pgaudit is added to the value of the shared_preload_libraries parameter of your RDS instance.

    For more information about how to add pgaudit to the value of the shared_preload_libraries parameter, see Modify the parameters of an ApsaraDB RDS for PostgreSQL instance.

Usage notes

  • The pgAudit extension can generate a large amount of audit log data. The amount of audit log data that is generated varies based on the configuration of the pgAudit extension. Before you use the pgAudit extension to audit objects, we recommend that you evaluate the objects to prevent the pgAudit extension from generating a large amount of audit log data. A large amount of audit log data can exhaust the storage capacity of your RDS instance.

  • After an object is renamed, new audit log records that are generated by the pgAudit extension for the object are associated with the new name of the object.

Enable or disable the pgAudit extension

  • Enable the pgAudit extension.

    CREATE EXTENSION pgaudit;
  • Disable the pgAudit extension.

    DROP EXTENSION pgaudit;

References

For more information, see pgAudit documentation.