Help Center/ GaussDB/ Developer Guide(Centralized_2.x)/ Database Security Management/ Configuring Database Audit/ Maintaining Audit Logs
Updated on 2023-10-23 GMT+08:00
View PDF
Share

Maintaining Audit Logs

Prerequisites

You have the audit permission.

Background

  • Table 1 lists the configuration parameters related to audit logs and the parameter descriptions.
    Table 1 Configuration parameters of audit logs

    Parameter

    Description

    Default Value

    audit_directory

    Audit file storage directory

    $GAUSSLOG/pg_audit

    audit_resource_policy

    Policy for saving audit logs

    on (indicating that the space configuration policy is used)

    audit_space_limit

    Maximum storage space occupied by audit files

    1 GB

    audit_file_remain_time

    Minimum period for storing audit log files

    90

    audit_file_remain_threshold

    Maximum number of audit files in the audit directory

    1048576
  • The pg_delete_audit function is used to delete audit logs and is an internal SQL function of the database. Its syntax is as follows: 
    pg_delete_audit(timestamp startime,timestamp endtime)

    startime and endtime indicate the audit record start time and end time, respectively.

  • Audit content is commonly recorded to database tables or OS files. Table 2 lists the advantages and disadvantages of the two record methods.
    Table 2 Comparison between the two record methods

    Mode

    Benefit

    Drawback

    Record in tables

    Users do not need to maintain audit logs.

    Any users having certain permissions to access database objects can access the audit tables. If a user illegally performs operations on the audit tables, the audit records may become inaccurate.

    Record in OS files

    This method has higher security because a user with the permission to access the database may not have the permission to access the OS files.

    Users need to maintain audit logs.

    For database security purposes, GaussDB adopts the second method to save audit results for reliability.

Procedure

  1. Connect to a database. For details, see Connecting to a Database.
  2. Select a method to maintain audit logs.

    • Automatic deletion of audit logs

      If the storage space occupied by audit files or the number of audit files reaches the upper limit, the system automatically deletes the oldest audit files and records deletion information to audit logs.

      By default, the allowed maximum storage space that can be occupied by audit files is set to 1024 MB. Users can set the value as required.

      Configure the allowed maximum size of storage space occupied by audit files (audit_space_limit).

      Configure the maximum number of audit files (audit_file_remain_threshold).

    • Manually back up audit files.

      If the storage space occupied by audit files or the number of audit logs exceeds the threshold specified by the configuration file, the system automatically deletes the oldest audit files. Therefore, you are advised to periodically save important audit logs.

      1. Run the show command to view the directory (audit_directory) where audit files are saved. 
        1
        		 
        openGauss=# SHOW audit_directory;
      2. Copy the entire audit directory elsewhere to save it.
    • Manually delete audit logs.

      Run the pg_delete_audit command to manually delete the audit records generated during a specified period of time.

      Example: Manually delete the audit records generated from September 20, 2012 to September 21, 2012.

      1
      		 
      openGauss=# SELECT pg_delete_audit('2012-09-20 00:00:00','2012-09-21 23:59:59');