- Release Notes and Announcements
- Release Notes
- Open-Source Plugin Privilege Escalation Has Vulnerability Risk for PostgreSQL
- Announcements
- Security Risk Statement for Creating Partial Plugins in PostgreSQL Cloud Database
- TencentDB for PostgreSQL Will Start Billing for Backup Space
- Some Extensions on Lower Kernel Version Can't Be Created and Upgraded in TencentDB for PostgreSQL
- Announcement on the Risk of Privilege Escalation Vulnerability in Cloud Database PostgreSQL Open Source Plugin
- Product Introduction
- Purchase Guide
- Getting Started
- Kernel Version Introduction
- Operation Guide
- Instance Management
- Instance Lifecycle
- Setting Instance Maintenance Time
- Modifying Instance Configuration
- Set up instance availability zone disaster recovery or regional disaster recovery
- Modifying AZs
- Terminating Instances
- Restoring Instances
- Eliminating Instances
- Restarting Instances
- Modifying Data Replication Mode
- Switch Source-Replica Instance
- Upgrading Instance
- Read-Only Instance
- Account Management
- Database Optimization
- Parameter Management
- Log management
- Backup and Restoration
- Physical Migration
- Database Audit
- Extension Management
- Network Management
- Access Management
- Data Encryption
- Security Groups
- Monitoring and Alarms
- Tag
- Instance Management
- PostgreSQL for Serverless
- MSSQL Compatible Version
- Practical Tutorial
- postgres_fdw Extension for Cross-database Access
- Automatically Creating Partition in PostgreSQL
- Searching in High Numbers of Tags Based on pg_roaringbitmap
- Querying People Nearby with One SQL Statement
- Configuring TencentDB for PostgreSQL as GitLab's External Data Source
- Supporting Tiered Storage Based on cos_fdw Extension
- Implement Read/Write Separation via pgpool
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CreateInstances
- DescribeDBInstances
- DescribeDBInstanceAttribute
- DescribeEncryptionKeys
- DescribeDBInstanceHAConfig
- SwitchDBInstancePrimary
- ModifyDBInstanceName
- ModifyDBInstanceSpec
- ModifyDBInstanceDeployment
- UpgradeDBInstanceKernelVersion
- ModifyDBInstanceHAConfig
- ModifyDBInstanceChargeType
- ModifyDBInstancesProject
- ModifySwitchTimePeriod
- RenewInstance
- SetAutoRenewFlag
- RestartDBInstance
- IsolateDBInstances
- DisIsolateDBInstances
- DestroyDBInstance
- CreateDBInstances
- InitDBInstances
- UpgradeDBInstance
- UpgradeDBInstanceMajorVersion
- Read-only Replica APIs
- Backup and Recovery APIs
- DescribeAvailableRecoveryTime
- DescribeCloneDBInstanceSpec
- CloneDBInstance
- RestoreDBInstanceObjects
- DescribeBackupOverview
- DescribeBackupSummaries
- DescribeBackupPlans
- ModifyBackupPlan
- CreateBaseBackup
- DescribeBaseBackups
- ModifyBaseBackupExpireTime
- DeleteBaseBackup
- DescribeLogBackups
- DeleteLogBackup
- DescribeBackupDownloadURL
- DescribeBackupDownloadRestriction
- ModifyBackupDownloadRestriction
- DescribeDBXlogs
- DescribeDBBackups
- Parameter Management APIs
- Security Group APIs
- Performance Optimization APIs
- Account APIs
- Specification APIs
- PostgreSQL for Serverless APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
- Release Notes and Announcements
- Release Notes
- Open-Source Plugin Privilege Escalation Has Vulnerability Risk for PostgreSQL
- Announcements
- Security Risk Statement for Creating Partial Plugins in PostgreSQL Cloud Database
- TencentDB for PostgreSQL Will Start Billing for Backup Space
- Some Extensions on Lower Kernel Version Can't Be Created and Upgraded in TencentDB for PostgreSQL
- Announcement on the Risk of Privilege Escalation Vulnerability in Cloud Database PostgreSQL Open Source Plugin
- Product Introduction
- Purchase Guide
- Getting Started
- Kernel Version Introduction
- Operation Guide
- Instance Management
- Instance Lifecycle
- Setting Instance Maintenance Time
- Modifying Instance Configuration
- Set up instance availability zone disaster recovery or regional disaster recovery
- Modifying AZs
- Terminating Instances
- Restoring Instances
- Eliminating Instances
- Restarting Instances
- Modifying Data Replication Mode
- Switch Source-Replica Instance
- Upgrading Instance
- Read-Only Instance
- Account Management
- Database Optimization
- Parameter Management
- Log management
- Backup and Restoration
- Physical Migration
- Database Audit
- Extension Management
- Network Management
- Access Management
- Data Encryption
- Security Groups
- Monitoring and Alarms
- Tag
- Instance Management
- PostgreSQL for Serverless
- MSSQL Compatible Version
- Practical Tutorial
- postgres_fdw Extension for Cross-database Access
- Automatically Creating Partition in PostgreSQL
- Searching in High Numbers of Tags Based on pg_roaringbitmap
- Querying People Nearby with One SQL Statement
- Configuring TencentDB for PostgreSQL as GitLab's External Data Source
- Supporting Tiered Storage Based on cos_fdw Extension
- Implement Read/Write Separation via pgpool
- API Documentation
- History
- Introduction
- API Category
- Making API Requests
- Instance APIs
- CreateInstances
- DescribeDBInstances
- DescribeDBInstanceAttribute
- DescribeEncryptionKeys
- DescribeDBInstanceHAConfig
- SwitchDBInstancePrimary
- ModifyDBInstanceName
- ModifyDBInstanceSpec
- ModifyDBInstanceDeployment
- UpgradeDBInstanceKernelVersion
- ModifyDBInstanceHAConfig
- ModifyDBInstanceChargeType
- ModifyDBInstancesProject
- ModifySwitchTimePeriod
- RenewInstance
- SetAutoRenewFlag
- RestartDBInstance
- IsolateDBInstances
- DisIsolateDBInstances
- DestroyDBInstance
- CreateDBInstances
- InitDBInstances
- UpgradeDBInstance
- UpgradeDBInstanceMajorVersion
- Read-only Replica APIs
- Backup and Recovery APIs
- DescribeAvailableRecoveryTime
- DescribeCloneDBInstanceSpec
- CloneDBInstance
- RestoreDBInstanceObjects
- DescribeBackupOverview
- DescribeBackupSummaries
- DescribeBackupPlans
- ModifyBackupPlan
- CreateBaseBackup
- DescribeBaseBackups
- ModifyBaseBackupExpireTime
- DeleteBaseBackup
- DescribeLogBackups
- DeleteLogBackup
- DescribeBackupDownloadURL
- DescribeBackupDownloadRestriction
- ModifyBackupDownloadRestriction
- DescribeDBXlogs
- DescribeDBBackups
- Parameter Management APIs
- Security Group APIs
- Performance Optimization APIs
- Account APIs
- Specification APIs
- PostgreSQL for Serverless APIs
- Network APIs
- Data Types
- Error Codes
- FAQs
- Service Agreement
- Glossary
- Contact Us
Audit Classification
TencentDB for PostgreSQL supports two audit types: Audit Express Edition and Audit Detailed Edition. The details are as follows:
1. Audit Express Edition, has the minimal impact on performance, and the same effect as the native community PostgreSQL with log_statement=all enabled. In addition, it also records the affected rows and execution time.
2. Audit Detailed Edition enables full audit using the pgaudit plugin. The audit logs are more detailed, covering SQL types and object names. However, compared to the Express Edition, it has a higher learning curve, so it is suitable for developers with specific needs.
Note:
For a single SQL entry, if there are subqueries or function calls, the Audit Detailed Edition generates multiple logs, each containing information about the objects being called. To avoid multiple printing of the same statement, from the second printing onwards, the statement is shown as
previously logged, with the SQL type as ???.Below are the comparison of the logs generated by Audit Express Edition and Audit Detailed Edition in several different scenarios.
Function Call
The specific SQL statements are as follows:
CREATE FUNCTION a_t(integer, integer) RETURNS integerAS 'select $1 + $2;'LANGUAGE SQL;select a_t(2,3);The Audit Detailed log is shown in the following figure:
The Audit Express log is shown in the following figure:
Table Association
The specific SQL statements are as follows:
create table a(id integer,name varchar);create table b(id integer,age int);insert into a(id,name)values(1,'anne'),(2,'bob');insert into b(id,age)values(2,30);select a.id,name,age from a,b where a.id=b.id;The Audit Detailed log is shown in the following figure:
The Audit Express log is shown in the following figure:
Subquery
The Audit Detailed log is shown in the following figure:
The Audit Express log is shown in the following figure:
Partition table query
The SQL statements for defining a table and inserting data are as follows:
create table m(city int,ldate date)partition by range(ldate);create table m_01 partition of m for values from('2023-01-01') to ('2023-02-01');create table m_02 partition of m for values from('2023-02-01') to ('2023-03-01');insert into m(city,ldate)values(1,'2023-01-02'),(2,'2023-02-02');insert into m(city,ldate)values(3,'2023-01-05'),(4,'2023-02-04');When the following query statements are executed, the audit logs are as follows:
select * from m where ldate>'2023-01-03';The Audit Detailed log is shown in the following figure:
The Audit Express log is shown in the following figure:
Storage Procedure
The definition and invocation of the storage procedure are as follows:
CREATE OR REPLACE PROCEDURE update_m(p_city in integer,p_ldate in date,p_id in integer)AS $$BEGINupdate m set city = p_city,ldate = p_ldatewhere city = p_id;END; $$LANGUAGE plpgsql;
call update_m(4,'2023-02-05',4);The Audit Detailed log is shown in the following figure:
The Audit Express log is shown in the following figure:
Log Description
1. The Audit Express Edition and Audit Detailed Edition use the same SQL statement type as that of the SQL statements generated with log_statement = 'all' enabled. That is, all SQL statements based on the simple query and execute protocols are logged. For any extended query protocol (extended query), statements that fail before the execution stage (i.e., during parse, analysis, or planning) will not be logged.
2. In the Audit Express Edition and Audit Detailed Edition, the default SQL statement length is 8,192 bytes. Statements exceeding this limit will be truncated, and the object type, object name, execution time, and affected rows of such SQL statements will also be unable to be displayed. To custom the statement length, please modify the tencentdb_audit_message_truncate_length parameter in the console. When an SQL statement is truncated, if the statement is a slow SQL statement or a SQL statement that fails to be executed, you can go to TencentDB for PostgreSQL console's performance optimization> slow log analysis or error log to check its details.
3. Instances of TencentDB for PostgreSQL of the current major version 11 do not support the statistics of affected rows.
4. Due to differences in the timing systems used by audit and slow query, there may be millisecond-level differences in the recorded SQL execution times.
Yes
No
Was this page helpful?