基于表的ddl（alter table）审计

环境

文档用途

详细信息

环境

系统平台：Linux x86-64 Red Hat Enterprise Linux 7

版本：4.3.2

文档用途

使用事件触发器审计表的alter table操作

详细信息

如果你要记录表被用户执行DDL，修改定义, 设置默认值, 等等alter table可以完成的工作时的记录, 可以使用事件触发器来达到这个目的.

例子如下 :

# create or replace function ef_alter() returns event_trigger as $$

declare

rec hstore;

begin

select hstore(pg_stat_activity.*) into rec from pg_stat_activity where pid=pg_backend_pid();

insert into aud_alter (ctx) values (rec);

end;

$$ language plpgsql strict;

CREATE FUNCTION

testdb=# create event trigger e_alter on ddl_command_end when tag in ('ALTER TABLE') execute procedure ef_alter();

CREATE EVENT TRIGGER

testdb=# create table aud_alter(id serial primary key, crt_time timestamp default now(), ctx hstore);

CREATE TABLE

testdb=# create table test(id int);

CREATE TABLE

testdb=# alter table test alter column id type int8;

ALTER TABLE

testdb=# select * from aud_alter;

-[ RECORD 1 ]------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

id | 1

crt_time | 2018-05-03 13:44:12.309983

ctx | "pid"=>"9408", "datid"=>"16384", "query"=>"alter table test alter column id type int8;", "state"=>"active", "datname"=>"testdb", "usename"=>"postgres", "waiting"=>"f", "usesysid"=>"10", "xact_start"=>"2018-05-03 13:44:12.309983+08", "backend_xid"=>"8367", "client_addr"=>NULL, "client_port"=>"-1", "query_start"=>"2018-05-03 13:44:12.309983+08", "backend_xmin"=>"8367", "state_change"=>"2018-05-03 13:44:12.309985+08", "backend_start"=>"2018-05-03 13:40:15.0561+08", "client_hostname"=>NULL, "application_name"=>"psql"

testdb=# select each(ctx) from aud_alter where id=1;

each

-------------------------------------------------------

(pid,9408)

(datid,16384)

(query,"alter table test alter column id type int8;")

(state,active)

(datname,testdb)

(usename,postgres)

(waiting,f)

(usesysid,10)

(xact_start,"2018-05-03 13:44:12.309983+08")

(backend_xid,8367)

(client_addr,)

(client_port,-1)

(query_start,"2018-05-03 13:44:12.309983+08")

(backend_xmin,8367)

(state_change,"2018-05-03 13:44:12.309985+08")

(backend_start,"2018-05-03 13:40:15.0561+08")

(client_hostname,)

(application_name,psql)

(18 rows)

更多详细的信息请登录【瀚高技术支持平台】查看

https://support.highgo.com/#/index/docContent/b74c1e3703881a00

基于表的ddl（alter table）审计

猜你喜欢