search

ossc-db / pgaudit

PostgreSQL Audit Extension
Other
2 stars 4 forks source link

(refactored branche) When "log_parameter = on" is specified and SQL with multiple parameters is executed, parameters are concatenated. #36

Closed harada-toshi closed 7 years ago

harada-toshi commented 7 years ago

Overview

config file sample

[output]
        logger = 'serverlog'
        level   = 'LOG'

[option]
        log_parameter = on

[rule]
        format = '%t,%d,%u,%p,%v,%statement_id,%sub_statement_id,%class,%command_tag,%object_type,%object_id,%command_parameter,%command_text'
        class = 'READ,WRITE,DDL,ROLE,FUNCTION,MISC'

Executed SQL

BEGIN;
PREPARE prep_dx AS SELECT * FROM pg_extension WHERE extname = $1 AND extversion = $2;
EXECUTE prep_dx ('plpgsql','1.0');
EXECUTE prep_dx ('hogehoge','2.0');
DEALLOCATE PREPARE prep_dx;
COMMIT;

Audit log

MasahikoSawada commented 7 years ago

Thanks!

In "advanced branch", a plurality of parameters were concatenated with spaces. "refactored branch" is also, I think it is better to connect the spaces between the parameters.

Yeah, the current output is hard to identify each parameter. It should be fixed. I guess that using the space character as a separator make the it difficult to parse it by the analyser. Wouldn't it be better if we use a comma(,) character as a separator like follows?

LOG:  AUDIT: SESSION,3,1,READ,2017-03-01 17:27:04 JST,postgres,postgres,[local],psql,2/3,0,,,SELECT,TABLE,pg_catalog.pg_extension,PREPARE prep_dx AS SELECT * FROM pg_extension WHERE extname = $1 AND extversion = $2;,,plpgsql,1.0
MasahikoSawada commented 7 years ago

As a result of off-discussion, we use a space as separator for each parameters same as what advanced branch does. Commit bf0df8de2fc5a8d86a59c7b22a9d3282ed3fe9f2 should fix it, please confirm it.

harada-toshi commented 7 years ago

Thanks! As with "advanced branch", it was confirmed that there was a space between the parameters.

LOG:  connection received: host=[local]
LOG:  connection authorized: user=postgres database=postgres
LOG:  AUDIT: SESSION,1,1,MISC,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,BEGIN,,,BEGIN;,<none>
LOG:  AUDIT: SESSION,2,1,READ,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,PREPARE,,,PREPARE prep_dx AS SELECT * FROM pg_extension WHERE extname = $1 AND extversion = $2;,<none>
LOG:  AUDIT: SESSION,3,1,READ,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,SELECT,TABLE,pg_catalog.pg_extension,PREPARE prep_dx AS SELECT * FROM pg_extension WHERE extname = $1 AND extversion = $2;,plpgsql 1.0
LOG:  AUDIT: SESSION,3,2,MISC,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,EXECUTE,,,"EXECUTE prep_dx ('plpgsql','1.0');",<none>
LOG:  AUDIT: SESSION,4,1,READ,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,SELECT,TABLE,pg_catalog.pg_extension,PREPARE prep_dx AS SELECT * FROM pg_extension WHERE extname = $1 AND extversion = $2;,hogehoge 2.0
LOG:  AUDIT: SESSION,4,2,MISC,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,EXECUTE,,,"EXECUTE prep_dx ('hogehoge','2.0');",<none>
LOG:  AUDIT: SESSION,5,1,MISC,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,DEALLOCATE,,,DEALLOCATE PREPARE prep_dx;,<none>
LOG:  AUDIT: SESSION,6,1,MISC,2017-03-02 15:34:14 JST,postgres,postgres,[local],psql,2/27,0,,,COMMIT,,,COMMIT;,<none>
LOG:  disconnection: session time: 0:00:00.022 user=postgres database=postgres host=[local]
MasahikoSawada commented 7 years ago

Thanks! Close.