Re: pgaudit and create postgis extension logs a lot inserts

David Steele <david@xxxxxxxxxxxxx> · Fri, 19 Jan 2018 08:51:20 -0500

Hi Peter,

On 1/18/18 7:12 AM, Svensson Peter wrote:
> 
> Also noticed that setting a session log to none (set
> pgaudit.log='none';)  overrides parameter from postgresql.conf,  but
> does not get logged, and then you can do whatever you want without any
> audit.
> I supposed this changing of  audit session log parameter should be
> logged to file?

pgaudit is not intended to audit the superuser and only a superuser can
set pgaudit.log.

However, you can limit superuser access with the setuser extension:
https://github.com/pgaudit/set_user

Regards,
-- 
-David
david@xxxxxxxxxxxxx