On Wed, Jul 11, 2012 at 10:47 AM, Arnold, Sandra <arno...@osti.gov> wrote:
> Tablelog would be ok for keeping up with transactions for tables. > However, we also need to audit who connects successfully and > unsuccessfully. As far as I am aware, if a user fails to log in > successfully, say three times, PostgreSQL is not able to lock the account > for 9.0. Is this the case for 9.1 as well? This is off topic for your question, but locking an account after a small number of failures is a bad security practice. It's an invitation for a denial-of-service attack. Anyone who knows anyone else's account name can lock them out. Anyone who gets a list of accounts can lock up the whole system. Craig > This is the version that I will be installing that I am writing the > Security controls for. There are several events that I have to Audit and > table transactions are just a small part of it. The events I need to audit > are listed below: > > - Unauthorized User Access > - Changes to User Privileges > - Changes to Audit Policy > - Reset User Password > - New User created in Database > - Users dropped from Database > - Invalid Login Attempts > > Sandra Arnold > Senior Database Administrator > Contractor to DOE/OSTI > Information International Associates (IIA) > > > > -----Original Message----- > From: Joshua D. Drake [mailto:j...@commandprompt.com] > Sent: Tuesday, July 10, 2012 4:31 PM > To: Arnold, Sandra > Cc: pgsql-admin@postgresql.org > Subject: Re: [ADMIN] What happens when PostgreSQL fails to log to SYSLOG > > > On 07/10/2012 01:08 PM, Arnold, Sandra wrote: > > I am trying to find out what PostgreSQL does when it cannot write to > > its SYSLOG file, whether it is permissions or the file system where > > the log resides is full is the problem. > > PostgreSQL doesn't write to a SYSLOG file. It sends it to the syslog > daemon. (if you are indeed using syslog) > > > Does PostgreSQL stall, does it rollback the transaction it cannot log > > to the SYSLOG, or does it continue on as if there is not an issue? > > This is a non-issue in terms of transactions and operations. > > > > I am writing Security controls and since I am using the SYSLOG for > > auditing purposes and I need to document what happens in case there > > was a failure in writing to the SYSLOG. For instance, Oracle > > rollbacks any transactions that are being audited it cannot write to > > its audit logs. Just want to know what PostgreSQL does. > > > > You should probably look at tablelog for auditing. It automates it. > Syslog is not really a good way to handle that. > > Sincerely, > > Joshua D. Drake > > > -- > Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support, > Training, Professional Services and Development The PostgreSQL Conference - > http://www.postgresqlconference.org/ > @cmdpromptinc - @postgresconf - 509-416-6579 > > > > -- > Sent via pgsql-admin mailing list (pgsql-admin@postgresql.org) > To make changes to your subscription: > http://www.postgresql.org/mailpref/pgsql-admin >