What is PostgreSQL access auditing?
Access auditing captures login events and SQL statements, letting you answer �who touched what and when�. With the pgAudit extension you gain fine-grained, SQL-level logs that satisfy SOC, HIPAA, and PCI requirements.
Why choose pgAudit over standard logging?
log_statement records every query, creating noise. pgAudit filters by action class (READ, WRITE, ROLE, DDL) and object, producing audit-ready logs while controlling volume.
How do I enable pgAudit?
1. Install the package: CREATE EXTENSION pgaudit;
2. Add shared_preload_libraries = 'pgaudit' in postgresql.conf and restart.
3. Reload config after setting parameters shown in the syntax block.
How can I log only sensitive ecommerce tables?
Set pgaudit.log_relation = 'Customers,Orders,OrderItems'. PostgreSQL now emits audit rows only when those tables are accessed.
Where do audit entries appear?
Entries flow into the regular PostgreSQL logs with the prefix AUDIT:. Forward them to a centralized system (CloudWatch, Splunk, ELK) for retention and alerting.
How do I find failed login attempts?
Query your log aggregator for connection authorized: user=<> and FATAL: password authentication failed. Combine with pgAudit records to see if a compromised user executed SQL.
Best practices for production deployments
� Keep pgaudit.log_parameter = on to capture bind values.
� Use log rotation and compression to control disk usage.
� Periodically test that required statements are captured by replaying sample queries.
Common pitfalls and fixes
Restart required: editing shared_preload_libraries without restart leaves pgAudit inactive. Bounce the server and verify with SHOW shared_preload_libraries;.
Excessive volume: logging READ against high-traffic tables can flood storage. Limit tables or switch to WRITE,DDL,ROLE only.
Key takeaways
Enable pgAudit, scope tables, forward logs, and periodically review them. You now have traceability for every critical row in your ecommerce database.
.avif){kind=logo}
