Audit Manager
You can use the PEM Audit manager to configure, enable, and disable audit logging of EDB Postgres Advanced Server instances. The Audit manager also enables audit log collection, allowing you to view log data on the Audit Log Dashboard.
To run the Audit manager wizard, select Audit manager... from the PEM client Management menu. Audit manager opens, displaying the Welcome dialog:
Audit Manager Wizard - Welcome page
Click Next to continue:
Audit Manager Wizard - Select Servers page
Use the Select servers tree control to specify the servers to which the auditing configuration will be applied. To make a server available in the tree control, you must provide the Service ID on the PEM Server dialog. Note that only EDB Postgres Advanced Server supports auditing; PostgreSQL servers will not be included in the tree control.
Click Next to continue:
Audit Manager Wizard - Configuration page
Use the controls on the Audit parameters configuration dialog to specify configuration details that will be applied to each server:
- Use the Auditing switch to Enable or Disable auditing on the specified servers.
- Use the Audit destination drop-down to select a destination for the audit logs; select File or Syslog. Please note this feature is supported on Advanced Server 10 and newer releases only.
- Use the Import logs to PEM switch to instruct PEM to periodically import log records from each server to the PEM Server. Set the switch to Yes to import log files; the default is No.
- Use the Import frequency drop-down listbox to specify how often PEM will collect log records from monitored servers when log collection is enabled.
- Use the Log format drop-down listbox to select the raw log format that will be written on each server. If log collection is enabled, the PEM server will use CSV format.
- Use the File name field to specify the format used when generating log file names. By default, the format is set to audit-%Y-%m-%d_%H%M%S if log collection is enabled.
Use fields in the Log directory box to specify information about the directory in which the log files will be saved:
- Move the Change log directory for selected servers? switch to Yes to enable the Directory name field.
- Use the Directory name field to specify the name of the directory on each server into which audit logs will be written. The directory specified will be created as a sub-directory of the data directory on the server.
Click Next to continue:
Audit Manager Wizard - Log Parameters page
The Audit log configuration dialog is only available if you have specified a value of Enable in the Auditing field. Use the controls on the Audit log configuration dialog to specify log configuration details that will be applied to each server:
- Use the Connection attempts switch to specify if connection attempts should be logged. Specify None to disable connection logging, All to indicate that all connection attempts will be logged, or Failed to log any connection attempts that fail.
- Use the Disconnection attempts switch to specify if disconnections should be logged. Specify None to specify that disconnections should not be logged, or All to enable disconnection logging.
- Use the Log statements field to specify the statement types that will be logged. Click within the field, and select from:
  - Select - All statements that include the SELECT keyword will be logged.
  - Error - All statements that result in an error will be logged.
  - DML - All DML (Data Modification Language) SQL statements will be logged.
  - DDL - All DDL (Data Definition Language) SQL statements (those that add, delete or alter data) will be logged.
  - Check the box next to Select All to select all statement types.
  - Check the box next to Unselect All to deselect all statement types.
- Use the Audit tag field to specify a tracking tag for the collected logs. Please note that audit tagging functionality is available only for Advanced Server versions 9.5 and later. If you are defining auditing functionality for multiple servers, and one or more of the servers are version 9.5 or later, this field will be enabled, but if selected, tagging functionality will only apply to those servers that are version 9.5 or later.
Use the fields in the Log rotation box to specify how the log files are managed on each server:
- Use the Enable? switch to specify that log files should be rotated. Please note that a new log file should be used periodically to prevent a single file becoming unmanageably large.
- Use the Day drop-down listbox to select a day or days on which the log file will be rotated.
- Use the Size (MB) field to specify a size in megabytes at which the log file will be rotated.
- Use the Time (seconds) field to specify the number of seconds between log file rotations.
Click Next to continue:
Audit Manager Wizard - Finish page
Use the Schedule auditing changes dialog to specify when the new configuration will be applied to the servers:
- Set the Configure logging now? switch to Yes to apply the configuration immediately.
- Use the Time? selector to schedule the audit configuration for a later time; use the date and time selectors to specify the date and time at which the PEM server will apply the configuration.
Click the Finish button to schedule a job to apply the configuration to each server. The job will consist of two tasks. One task will update the audit logging configuration on the server, and one task will reload the server with the new configuration.
The scheduled jobs can be viewed in the Task Viewer, and the results in the Log Viewer when opened from the appropriate server or agent.
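To review the configuration that results from such a job, the following added example (not part of the PEM documentation or product code) parses a postgresql.conf-style fragment and flags audit settings that leave gaps in the trail. It assumes the wizard's fields correspond to Advanced Server's edb_audit* parameters; the sample fragment and the review policy are constructed for illustration.

```python
import re

# Constructed postgresql.conf fragment, not taken from a real server. The
# edb_audit* names are Advanced Server parameters; their mapping to the wizard
# fields named in the comments is an assumption of this example.
SAMPLE_CONF = """\
edb_audit = 'csv'                      # Auditing / Log format
edb_audit_directory = 'edb_audit'      # Directory name
edb_audit_filename = 'audit-%Y-%m-%d_%H%M%S'
edb_audit_connect = 'none'             # Connection attempts
edb_audit_statement = 'dml, error'     # Log statements
edb_audit_rotation_day = 'none'        # Log rotation: Day
edb_audit_rotation_size = 0            # Log rotation: Size (MB)
edb_audit_rotation_seconds = 0         # Log rotation: Time (seconds)
edb_audit_connect = 'failed'           # later entry overrides the earlier one
"""

# name, optional '=', then a single-quoted value ('' escapes a quote) or a bare token
LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=?\s*(?:'((?:[^']|'')*)'|([^\s#]+))")


def parse_conf(text):
    """Return {parameter: value}; as in PostgreSQL, the last entry wins."""
    settings = {}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            value = m.group(2) if m.group(2) is not None else m.group(3)
            settings[m.group(1).lower()] = value.replace("''", "'")
    return settings


def review(settings):
    """Flag explicitly set values that leave gaps (this example's own policy)."""
    if settings.get("edb_audit") == "none":
        return ["auditing is disabled"]
    findings = []
    if settings.get("edb_audit_connect") == "none":
        findings.append("connection attempts are not logged")
    stmts = settings.get("edb_audit_statement")
    if stmts is not None and not {s.strip() for s in stmts.split(",")} & {"ddl", "all"}:
        findings.append("DDL statements are not logged")
    rotation = ("edb_audit_rotation_day", "edb_audit_rotation_size", "edb_audit_rotation_seconds")
    if [settings.get(k) for k in rotation] == ["none", "0", "0"]:
        findings.append("log rotation is disabled")
    return findings


if __name__ == "__main__":
    for finding in review(parse_conf(SAMPLE_CONF)):
        print("FINDING:", finding)
```

Parameters that are absent from the fragment are not flagged, because the server's built-in defaults then apply.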