Discussion:
[ADMIN] What happens when PostgreSQL fails to log to SYSLOG
(too old to reply)
Joshua D. Drake
2012-07-10 20:31:24 UTC
Permalink
I am trying to find out what PostgreSQL does when it cannot write to its
SYSLOG file, whether it is permissions or the file system where the log
resides is full is the problem.
PostgreSQL doesn't write to a SYSLOG file. It sends it to the syslog
daemon. (if you are indeed using syslog)
Does PostgreSQL stall, does it rollback
the transaction it cannot log to the SYSLOG, or does it continue on as
if there is not an issue?
This is a non-issue in terms of transactions and operations.
I am writing Security controls and since I am
using the SYSLOG for auditing purposes and I need to document what
happens in case there was a failure in writing to the SYSLOG. For
instance, Oracle rollbacks any transactions that are being audited it
cannot write to its audit logs. Just want to know what PostgreSQL does.
You should probably look at tablelog for auditing. It automates it.
Syslog is not really a good way to handle that.

Sincerely,

Joshua D. Drake
--
Command Prompt, Inc. - http://www.commandprompt.com/
PostgreSQL Support, Training, Professional Services and Development
The PostgreSQL Conference - http://www.postgresqlconference.org/
@cmdpromptinc - @postgresconf - 509-416-6579
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Tom Lane
2012-07-11 18:26:48 UTC
Permalink
Tablelog would be ok for keeping up with transactions for tables.
However, we also need to audit who connects successfully and
unsuccessfully. As far as I am aware, if a user fails to log in
successfully, say three times, PostgreSQL is not able to lock the
account for 9.0.
If you want custom authorization rules like that, the usual
recommendation is to use PAM authentication; you can set up pretty much
anything you want with a few PAM modules.

regards, tom lane
--
Sent via pgsql-admin mailing list (pgsql-***@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-admin
Craig James
2012-07-11 20:07:59 UTC
Permalink
Tablelog would be ok for keeping up with transactions for tables.
However, we also need to audit who connects successfully and
unsuccessfully. As far as I am aware, if a user fails to log in
successfully, say three times, PostgreSQL is not able to lock the account
for 9.0. Is this the case for 9.1 as well?
This is off topic for your question, but locking an account after a small
number of failures is a bad security practice. It's an invitation for a
denial-of-service attack. Anyone who knows anyone else's account name can
lock them out. Anyone who gets a list of accounts can lock up the whole
system.

Craig
This is the version that I will be installing that I am writing the
Security controls for. There are several events that I have to Audit and
table transactions are just a small part of it. The events I need to audit
- Unauthorized User Access
- Changes to User Privileges
- Changes to Audit Policy
- Reset User Password
- New User created in Database
- Users dropped from Database
- Invalid Login Attempts
Sandra Arnold
Senior Database Administrator
Contractor to DOE/OSTI
Information International Associates (IIA)
-----Original Message-----
Sent: Tuesday, July 10, 2012 4:31 PM
To: Arnold, Sandra
Subject: Re: [ADMIN] What happens when PostgreSQL fails to log to SYSLOG
I am trying to find out what PostgreSQL does when it cannot write to
its SYSLOG file, whether it is permissions or the file system where
the log resides is full is the problem.
PostgreSQL doesn't write to a SYSLOG file. It sends it to the syslog
daemon. (if you are indeed using syslog)
Does PostgreSQL stall, does it rollback the transaction it cannot log
to the SYSLOG, or does it continue on as if there is not an issue?
This is a non-issue in terms of transactions and operations.
I am writing Security controls and since I am using the SYSLOG for
auditing purposes and I need to document what happens in case there
was a failure in writing to the SYSLOG. For instance, Oracle
rollbacks any transactions that are being audited it cannot write to
its audit logs. Just want to know what PostgreSQL does.
You should probably look at tablelog for auditing. It automates it.
Syslog is not really a good way to handle that.
Sincerely,
Joshua D. Drake
--
Command Prompt, Inc. - http://www.commandprompt.com/ PostgreSQL Support,
Training, Professional Services and Development The PostgreSQL Conference -
http://www.postgresqlconference.org/
@cmdpromptinc - @postgresconf - 509-416-6579
--
http://www.postgresql.org/mailpref/pgsql-admin
Loading...