Updated on 2025-05-29 GMT+08:00

Audit Switch

audit_enabled

Parameter description: Specifies whether to enable or disable the audit thread. After the audit thread is enabled, the auditing information written by the background thread can be read from the pipe and written into audit files.

Parameter type: Boolean.

Unit: none

Value range:

  • on indicates that the auditing function is enabled.
  • off indicates that the auditing function is disabled.

Default value: on

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1.

Setting suggestion: Retain the default value.

Risks and impacts of improper settings: Enabling the audit function affects the database performance. The impact depends on the audit recording frequency. If this parameter is set to on, set other audit items based on service and tracing requirements. If this parameter is set to off, historical operations cannot be traced using audit logs.

audit_directory

Parameter description: Specifies the storage directory of audit files. The path can be relative to the data directory or an absolute path. Only the SYSADMIN user can access this parameter.

Parameter type: string.

Unit: none

Value range: valid target path.

Default value: "pg_audit". If om is used for database deployment, audit logs are stored in $GAUSSLOG/pg_audit/Instance name.

Setting method: This is a POSTMASTER parameter. Set it based on instructions provided in Table 1.

Setting suggestion: Retain the default value.

Risks and impacts of improper settings: If the value is an invalid path or a path whose space is full, the audit function cannot be used. Different directories for storing audit files must be set for different DNs. Otherwise, audit logs will be abnormal.

  • Valid path: Users have read and write permissions on the path.
  • Invalid path: Users do not have read or write permission on the path.

audit_data_format

Parameter description: Audits the format of log files. Currently, only the binary format is supported. Only the SYSADMIN user can access this parameter.

Parameter type: string.

Unit: none

Value range: a string

Default value: "binary"

Setting method: This is a POSTMASTER parameter. Set it based on instructions provided in Table 1.

Setting suggestion: Retain the default value.

Risks and impacts of improper settings: Currently, only the binary format is supported. If this parameter is set to another value, the setting does not take effect.

audit_rotation_interval

Parameter description: Specifies the interval of creating an audit log file. If the difference between the current time and the time when the previous audit log file is created is greater than the value of this parameter, a new audit log file will be generated.

Parameter type: integer.

Unit: minute

Value range: 1 to 35791394 (INT_MAX/60)

Default value: 1d (that is, 1440 minutes)

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1. For example, if the value is 1440 without a unit, audit_rotation_interval indicates 1440 minutes. If the value is 2d, audit_rotation_interval indicates 2 days, that is, 2880 minutes. The unit must be min, h, or d if required.

Setting suggestion: Retain the default value.

Risks and impacts of improper settings: If the value is too small, there will be too many files in the audit directory. If the value is too large, a single audit file will be too large. Do not adjust this parameter unless necessary. Otherwise, audit_resource_policy may fail to take effect. To control the storage space and time of audit logs, set the audit_resource_policy, audit_space_limit, and audit_file_remain_time parameters.

audit_rotation_size

Parameter description: Specifies the maximum capacity of an audit log file. If the total number of messages in an audit log exceeds the value of this parameter, the server will generate a new audit log file.

Parameter type: integer.

Unit: KB

Value range: 1024 to 1048576

Default value: 10MB (that is, 10240 KB)

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1. For example, if the value is 131072 without a unit, audit_rotation_size indicates 131072 KB. If the value is 128MB, audit_rotation_size indicates 128 MB. The unit must be KB, MB, or GB if required.

Setting suggestion: Retain the default value.

Risks and impacts of improper settings: If the value is too small, there will be too many files in the audit directory. If the value is too large, a single audit file will be too large. Do not adjust this parameter unless necessary. Otherwise, audit_resource_policy may fail to take effect. To control the storage space and time of audit logs, set the audit_resource_policy, audit_space_limit, and audit_file_remain_time parameters. If the space occupied by a single record in an audit log file exceeds the value of this parameter, the log file is regarded as an invalid log file.

audit_resource_policy

Parameter description: Specifies the policy for determining whether audit logs are preferentially stored by space or time.

Parameter type: Boolean.

Unit: none

Value range:

  • on: Audit logs are preferentially stored by space. A maximum of audit_space_limit logs can be stored.
  • off: Audit logs are preferentially stored by time. A minimum duration of audit_file_remain_time logs must be stored.

Default value: on

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1.

Setting suggestion: When selecting the space priority policy, do not adjust the following GUC parameters related to the time policy: audit_rotation_interval and audit_file_remain_time. When selecting the time priority policy, do not adjust the following GUC parameters related to the space policy: audit_rotation_size, audit_space_limit, and audit_file_remain_threshold.

Risks and impacts of improper settings: This parameter must be used together with other GUC parameters related to the corresponding policy. If this parameter is set to an improper value, the audit log storage policy does not meet expectations.

audit_file_remain_time

Parameter description: Specifies the minimum duration required for recording audit logs. This parameter is valid only when audit_resource_policy is set to off.

Parameter type: integer.

Unit: day

Value range: 0 to 730. The value 0 indicates no time limit.

Default value: 90

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1. The value cannot contain a unit.

Setting suggestion: Set this parameter according to the actual situation. If audit_resource_policy is set to on, do not change the value of this parameter.

Risks and impacts of improper settings: This parameter takes effect only when audit_resource_policy is set to off. If the value is too small, only a small number of audit logs are retained and the audit tracing duration is shortened. If the value is too large, too many audit logs are stored in the audit directory, affecting the audit query and deletion performance and occupying disk space.

audit_space_limit

Parameter description: Specifies the total disk space occupied by audit files.

Parameter type: integer.

Unit: KB

Value range: 1024 to 1073741824 (1024 GB)

Default value: 1GB (that is, 1048576 KB)

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1. For example, if the value is 131072 without a unit, audit_space_limit indicates 131072 KB. If the value is 128MB, audit_space_limit indicates 128 MB. The unit must be KB, MB, or GB if required.

Setting suggestion: Set this parameter based on the actual available space of the instance and the number of audit logs to be saved.

Risks and impacts of improper settings: This parameter takes effect only when audit_resource_policy is set to on. If the value is too small, only a small number of audit logs are retained and the audit tracing duration is shortened. If the value is too large, too many audit logs are stored in the audit directory, affecting the audit query and deletion performance and occupying disk space.

In the multi-audit thread scenario, the minimum disk space occupied by audit files is the product of values of audit_thread_num and audit_rotation_size. Ensure that the value of audit_space_limit is greater than the product of values of audit_thread_num and audit_rotation_size.

audit_file_remain_threshold

Parameter description: Specifies the maximum number of audit files in the audit directory.

Parameter type: integer.

Unit: none

Value range: 100 to 1048576

Default value: 1048576

Setting method: This is a SIGHUP parameter. Set it based on instructions provided in Table 1.

Setting suggestion: Retain the default value. For details, see the following notes:

1048576 (196-core CPU/1536 GB memory, 128-core CPU/1024 GB memory, 104-core CPU/1024 GB memory, 96-core CPU/1024 GB memory, 96-core CPU/768 GB memory, 80-core CPU/640 GB memory, 64-core CPU/512 GB memory, 60-core CPU/480 GB memory, 32-core CPU/256 GB memory, 16-core CPU/128 GB memory, 8-core CPU/64 GB memory , 4-core CPU/32 GB memory); 1024 (4-core CPU/16 GB memory). Do not change the value of this parameter unless necessary. To control the storage space and time of audit logs, use the audit_resource_policy, audit_space_limit, and audit_file_remain_time parameters.

Risks and impacts of improper settings: If this parameter is incorrectly set, audit_resource_policy may fail to take effect.

audit_thread_num

Parameter description: Specifies the number of threads used for auditing.

Parameter type: integer.

Unit: none

Value range: 1 to 48

Default value: 1

Setting method: This is a POSTMASTER parameter. Set it based on instructions provided in Table 1.

Setting suggestion: When audit_dml_state is enabled and high performance is required, you are advised to set this parameter to a larger value to ensure that audit messages can be processed and recorded in a timely manner. In other cases, you are advised to retain the default value.

Risks and impacts of improper settings: A larger number of threads indicates a greater impact on system performance and more CPU and I/O resources are occupied.