Discussion: Exclude certain application pgaudit logging?
Currently, we use Object audit logging to capture all READ access to columns FOO_1, FOO_2 and FOO_3 in table BAR.SCRABBLE. (They are the three columns that have PII data.)
The problem is that the application legitimately reads these columns thousands of times per day. Thus, the log fills up with meaningless data that swamps any legitimate invalid accesses.
Thus, I'd like to exclude reads from "Postgresql JDBC Driver". (Currently, I filter that out using "grep -v" in a shell script that runs hourly from cron, but I find that unsatisfactory.)
On 2/6/24 10:11 AM, Ron Johnson wrote:
> Currently, we use Object audit logging to capture all READ access to
> columns FOO_1, FOO_2 and FOO_3 in table BAR.SCRABBLE. (They are the
> three columns that have PII data.)

Using what audit software?

> The problem is that the application legitimately reads these columns
> thousands of times per day. Thus, the log fills up with meaningless
> data that swamps any legitimate invalid accesses.

How do you know they are legitimate requests?

> Thus, I'd like to exclude reads from "Postgresql JDBC Driver".
> (Currently, I filter that out using "grep -v" in a shell script
> that runs hourly from cron, but I find that unsatisfactory.)

--
Adrian Klaver
adrian.klaver@aklaver.com
> On Feb 6, 2024, at 10:11, Ron Johnson <ronljohnsonjr@gmail.com> wrote:
> Thus, I'd like to exclude reads from "Postgresql JDBC Driver". (Currently, I filter that out using "grep -v" in a shell script that runs hourly from cron, but I find that unsatisfactory.)

pgAudit doesn't currently include filters by application name. Philosophically, I don't think you want to filter on application name, because it's a completely client-supplied string that could easily be spoofed.
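Added example, not part of the thread or of pgAudit: a log post-filter that contrasts the "grep -v" style of dropping lines by application name with dropping them by authenticated role and client address, using constructed log lines in which one session sets its application name to the driver's string. The `log_line_prefix` layout, the role names, the addresses and the allow-list are assumptions made for illustration.

```python
import csv
import re

# Assumed log_line_prefix: '%m [%p] client=%h user=%u app=%a '
# Server-observed fields come first so client-supplied text cannot shift them.
LINE_RE = re.compile(
    r"^\S+ \S+ \S+ \[\d+\] client=(?P<host>\S+) user=(?P<user>\S+) "
    r"app=(?P<app>.*?) LOG:  AUDIT: (?P<audit>.*)$"
)
APP_NAME = "Postgresql JDBC Driver"       # string the original post filters on
TRUSTED = {("scrabble_app", "10.0.0.5")}  # hypothetical app role and host

# Constructed sample lines: the application, an analyst using psql, and the
# same analyst with application_name set to the driver's string.
SAMPLE_LOG = """\
2024-02-06 10:11:00.101 UTC [4101] client=10.0.0.5 user=scrabble_app app=Postgresql JDBC Driver LOG:  AUDIT: OBJECT,1,1,READ,SELECT,TABLE,bar.scrabble,"select foo_1, foo_2 from bar.scrabble where id = $1",<not logged>
2024-02-06 10:12:30.552 UTC [4177] client=10.0.0.77 user=jdoe app=psql LOG:  AUDIT: OBJECT,1,1,READ,SELECT,TABLE,bar.scrabble,"select foo_1, foo_3 from bar.scrabble",<not logged>
2024-02-06 10:13:45.009 UTC [4180] client=10.0.0.77 user=jdoe app=Postgresql JDBC Driver LOG:  AUDIT: OBJECT,1,1,READ,SELECT,TABLE,bar.scrabble,"select foo_1, foo_2, foo_3 from bar.scrabble",<not logged>
"""

def parse(line):
    """Split one log line into prefix fields and pgAudit CSV fields."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    audit = next(csv.reader([m["audit"]]))
    return {"host": m["host"], "user": m["user"], "app": m["app"],
            "class": audit[3], "object": audit[6], "statement": audit[7]}

def keep_by_app_name(rec):
    """The grep -v approach: drop anything claiming to be the JDBC driver."""
    return rec["app"] != APP_NAME

def keep_by_identity(rec):
    """Drop only reads by the authenticated app role from its known host."""
    return (rec["user"], rec["host"]) not in TRUSTED

def review(log, keep):
    """Return the READ audit records that survive the given filter."""
    records = (parse(line) for line in log.splitlines())
    return [r for r in records if r and r["class"] == "READ" and keep(r)]

if __name__ == "__main__":
    for name, keep in (("app name", keep_by_app_name), ("identity", keep_by_identity)):
        print(name, [(r["user"], r["app"]) for r in review(SAMPLE_LOG, keep)])
```

The application-name filter leaves only the psql session for review, while the identity filter also surfaces the session that borrowed the driver's name.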
On 2/6/24 10:18 AM, Adrian Klaver wrote:
>
> On 2/6/24 10:11 AM, Ron Johnson wrote:
>> Currently, we use Object audit logging to capture all READ access to
>> columns FOO_1, FOO_2 and FOO_3 in table BAR.SCRABBLE. (They are the
>> three columns that have PII data.)
>
> Using what audit software?

Memo to self, read subject line.

>> The problem is that the application legitimately reads these columns
>> thousands of times per day. Thus, the log fills up with meaningless
>> data that swamps any legitimate invalid accesses.
>
> How do you know they are legitimate requests?
>
>> Thus, I'd like to exclude reads from "Postgresql JDBC Driver".
>> (Currently, I filter that out using "grep -v" in a shell script
>> that runs hourly from cron, but I find that unsatisfactory.)

--
Adrian Klaver
adrian.klaver@aklaver.com