This topic describes how to use the pgAudit plug-in to generate audit logs for an ApsaraDB RDS for PostgreSQL instance in compliance with public service, financial, or ISO requirements. Audit logs help you analyze faults and operations on your RDS instance to obtain information about data queries.

Prerequisites

Precautions

  • The pgAudit plug-in may generate a large amount of audit log data. The amount of audit log data that is generated varies based on the configuration of the pgAudit plug-in. Before you use the pgAudit plug-in to audit objects, we recommend that you evaluate the objects to prevent the pgAudit plug-in from generating a large amount of audit log data. A large amount of audit log data can exhaust the storage capacity of your RDS instance.
  • After an object is renamed, new audit log records that are generated by the pgAudit plug-in for the object are associated with the new name of the object.

Enable or disable the pgAudit plug-in

  • Enable the pgAudit plug-in.
    CREATE EXTENSION pgaudit;
  • Disable the pgAudit plug-in.
    DROP EXTENSION pgaudit;

References

For more information, see the pgAudit documentation.