From: emreozt...@outlook.com
To: /pgsql-general@postgresql.org/
Subject: Single Line Query Logging
Date: Wed, 10 Jul 2013 13:16:13 +0300
Hello all,
Is there a parameter to log any SQL query as a single line in audit
logs? I have some problems in my SIEM application. If a DBA sends the
query as a single line I can gather the whole query, but if he enters like
UPDATE x .......
y=Z ......
where ......
I only get the line starts with UPDATE then I can not see what is
really changed in my SIEM logs. I have heard that there is a parameter
do what I mean. Do you agree?
No. There's no parameter to be set for log parsing in a simple way,
specially for multi-raws query. A possible solution is to use syslog
instead of stderr: syslog stores each log element as an independent item.
You can try setting
log_destination = 'syslog'
redirect_stderr = off
Then you have to setup syslog by editing your syslog conf (On Debian:
/etc/rsyslog.d/50-default.conf): add this new line (supposing your log
directory is /var/log/pgsql/, and 'local0' is set in "syslog_facility"
parameter in your postgres.conf - do a check)
LOCAL0.* -/var/log/pgsql
and in the "catch all log files" area add
LOCAL0.none
then restart syslog (sudo /etc/init.d/rsyslog restart). I've tried it,
and it works!
Giuseppe.
--
Giuseppe Broccolo - 2ndQuadrant Italy
PostgreSQL Training, Services and Support
giuseppe.brocc...@2ndquadrant.it | www.2ndQuadrant.it
