Making GBase 8c Auditing Work: Traceable, Retainable, and Queryable

GBase 8c offers a comprehensive auditing framework, but simply flipping the switch is not enough for production. Effective auditing requires systematic design across audit scope, granularity, retention, and query access. This article focuses on making critical actions traceable — covering audit item configuration, log retention, using pg_query_audit as the primary query entry point, and routine inspection.

1. Define Audit Goals Before Selecting Items

GBase 8c supports a wide range of audit items — login/logout, privilege changes, DDL, DML, SELECT, COPY, function execution, SET parameters, etc. Most items can be enabled dynamically without a restart. However, enabling everything indiscriminately will flood the logs. Prioritise based on your goals:

Goal

Making GBase 8c Auditing Work: Traceable, Retainable, and Queryable

Making GBase 8c Auditing Work: Traceable, Retainable, and Queryable

Related reading

GBase 8a Security Hardening: Permissions, Password Policies, SSL Encryption,…

GBase 8c Object Dependency Checks Before Schema Changes

Stored Procedure Execution Context and Permission Chain Risks in GBase 8a

GBase 8c DDL Change Risks: Object Dependencies and Troubleshooting

GBase 8a Data Migration: Standardizing Export, Load, and Verification

The pgAudit Attribution Gap: Why Role-Level Logging Fails GDPR and How to Close…

Related reading

GBase 8a Security Hardening: Permissions, Password Policies, SSL Encryption,…

GBase 8c Object Dependency Checks Before Schema Changes

Stored Procedure Execution Context and Permission Chain Risks in GBase 8a

GBase 8c DDL Change Risks: Object Dependencies and Troubleshooting

GBase 8a Data Migration: Standardizing Export, Load, and Verification

The pgAudit Attribution Gap: Why Role-Level Logging Fails GDPR and How to Close…