6

I've got a table which contains sensitive data and according to data protection policy we have to keep a record of every read/write of the data including a row identifier and the user who accessed the table. The writing is no issue using triggers but triggers aren't supported for SELECT statements.

What's the best method of doing this? I've looked at rules but I can't get them to INSERT into a table, and I've tried logging every query but this doesn't seem to log SELECT statements. Ideally for security I'd like to keep the log within a table on the database but logging to a file is fine too.

Thanks,
David

Improve this question

2 Answers 2

Reset to default
3

You could enable SENTENCE LOGGING in PostgreSQL:

In postgresql.conf:

log_statement = 'all'                   # none, ddl, mod, all

Then restart your database and all senteces will be logged.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

You can take either take the log files and import them into the database using the cvslog format, or setup something like syslog-ng to put the messages back into postgres or some other database.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.