ossc-db / pgaudit

PostgreSQL Audit Extension

(refactored branch) When log_connections or log_disconnections is turned off and reloaded, connection audit logs are no longer output. #31

Closed harada-toshi closed 7 years ago

harada-toshi commented 7 years ago

Overview

When log_connections or log_disconnections is turned off and reloaded, connection audit logs are no longer output. In the advanced branch, these parameters were forced to be on. For this reason, even after reloading with the parameter set to off, the connection audit log was output.

We think that it is undesirable to be able to change the output of the audit log by reloading.

log

Set log_connections and log_disconnections to off in postgresql.conf and reload.

$ pg_ctl -w reload -D ~/pgdata/9.6-pgaudit/
server signaled
LOG:  received SIGHUP, reloading configuration files
LOG:  parameter "log_connections" changed to "off"
LOG:  parameter "log_disconnections" changed to "off"

Turn on log_connections and log_disconnections in postgresql.conf and reload. The connection audit log is output again.

Even if you connect from a client (e.g. psql) in this state, the audit log is not output.

$ pg_ctl -w reload -D ~/pgdata/9.6-pgaudit/
server signaled
LOG:  received SIGHUP, reloading configuration files
LOG:  parameter "log_connections" changed to "on"
LOG:  parameter "log_disconnections" changed to "on"
LOG:  AUDIT: SESSION,,,CONNECT,2017-02-22 18:23:07 JST,,,[local],[unknown],,0,00000,connection received: host=[local],,,,,
LOG:  connection received: host=[local]
LOG:  AUDIT: SESSION,,,CONNECT,2017-02-22 18:23:07 JST,postgres,postgres,[local],[unknown],2/24,0,00000,connection authorized: user=postgres database=postgres,,,,,
LOG:  connection authorized: user=postgres database=postgres
LOG:  AUDIT: SESSION,,,CONNECT,2017-02-22 18:23:11 JST,postgres,postgres,[local],psql,,0,00000,disconnection: session time: 0:00:03.129 user=postgres database=postgres host=[local],,,,,
LOG:  disconnection: session time: 0:00:03.129 user=postgres database=postgres host=[local]

MasahikoSawada commented 7 years ago

Thank you for the report!

> even after reloading with the parameter set to off, the connection audit log was output.

Does it mean that pgaudit emits these logs regardless of the parameter values, even if the user can set these parameters to off by reloading and SHOW log_connections returns off? Or does pgaudit disallow the user from changing these parameters while the server is running?

MasahikoSawada commented 7 years ago

I've pushed a change to resolve this issue. The idea is to change the contexts of these three GUC parameters to PGC_POSTMASTER at startup. That way we can guarantee that these parameters cannot be changed while the server is running. This idea is convenient for resolving this issue, but at the same time it can be a restriction for users who don't want to log the connection log. So I think we should check and change these parameters at startup only when the connection log is required (i.e. there is a rule section specifying the CONNECT class). Thoughts?

Anyway, commit bf6bb09d977ccf5653ad1ecb84e32de630988ed3 should fix it; please confirm it.

harada-toshi commented 7 years ago

Thank you very much. We confirmed that each parameter (log_connections, log_disconnections, log_replication_commands) cannot be changed after starting pgaudit.

$ psql -U postgres
psql (9.6.2)
Type "help" for help.

postgres=# SET log_disconnections = off;
ERROR:  parameter "log_disconnections" cannot be changed without restarting the server
postgres=# SET log_connections = off;
ERROR:  parameter "log_connections" cannot be changed without restarting the server
postgres=# SET log_replication_commands = off;
ERROR:  parameter "log_replication_commands" cannot be changed without restarting the server
postgres=#

MasahikoSawada commented 7 years ago

Thanks! Close.
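
For servers where these parameters can still be changed by a reload, the server log itself records the moment connection auditing stops. The following is an added example, not code from this thread or from pgaudit: it scans a PostgreSQL log for the reload messages quoted in the report and returns the windows during which an audit-relevant parameter was off. The function name and the sample log are constructed for illustration, and the "removed from configuration file" branch goes beyond the case shown in the thread.

```python
import re

# Parameters the thread names as required for connection auditing.
AUDIT_GUCS = {"log_connections", "log_disconnections", "log_replication_commands"}

# Reload messages; search() tolerates any log_line_prefix before "LOG:".
CHANGED = re.compile(r'LOG:\s+parameter "(\w+)" changed to "([^"]*)"')
REMOVED = re.compile(r'LOG:\s+parameter "(\w+)" removed from configuration file, reset to default')

def find_audit_gaps(lines):
    """Return (parameter, off_line, on_line) tuples; on_line is None if still off."""
    open_gaps, gaps = {}, []          # open_gaps: parameter -> line where it went off
    for lineno, line in enumerate(lines, start=1):
        changed, removed = CHANGED.search(line), REMOVED.search(line)
        if changed:
            name, enabled = changed.group(1), changed.group(2) != "off"
        elif removed:
            # All three parameters default to off, so removal disables them.
            name, enabled = removed.group(1), False
        else:
            continue
        if name not in AUDIT_GUCS:
            continue
        if not enabled:
            open_gaps.setdefault(name, lineno)   # keep the earliest "off" line
        elif name in open_gaps:
            gaps.append((name, open_gaps.pop(name), lineno))
    gaps.extend((name, start, None) for name, start in sorted(open_gaps.items()))
    return gaps

# Constructed sample log, modelled on the server output quoted in the issue.
SAMPLE_LOG = """\
LOG:  received SIGHUP, reloading configuration files
LOG:  parameter "log_connections" changed to "off"
LOG:  parameter "log_disconnections" changed to "off"
LOG:  parameter "work_mem" changed to "8MB"
LOG:  received SIGHUP, reloading configuration files
LOG:  parameter "log_connections" changed to "on"
LOG:  connection received: host=[local]
LOG:  received SIGHUP, reloading configuration files
LOG:  parameter "log_replication_commands" removed from configuration file, reset to default
""".splitlines()

if __name__ == "__main__":
    for name, off_line, on_line in find_audit_gaps(SAMPLE_LOG):
        end = f"re-enabled at line {on_line}" if on_line else "still disabled at end of log"
        print(f"{name}: disabled at line {off_line}, {end}")
```

Connections made between an off line and the matching on line leave no CONNECT audit record, so those windows need to be covered from another source when reviewing access.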