> How do you then audit a TRUNCATE performed by somebody else (who, for > "political" reasons, has superuser access)? Such actions aren't limited to > attacks - but may simply be the result of "I thought it was a good idea at > the time". :-(
Easily enough, have the logs record the pid, connection startup, timestamps, statement,etc. That should give everything required to track down a unique user who performed random actions. ---------------------------(end of broadcast)--------------------------- TIP 1: subscribe and unsubscribe commands go to [EMAIL PROTECTED]