PostgreSQL: Create Audit Trigger, for logging or Auditing your Database DML Transactions

This article is half-done without your Comment! *** Please share your thoughts via Comment ***

If you experienced with SQL Server, You might know about SQL Server Audit and Change Data Capture (CDC) functionality.
As per the PostgreSQL WIKI, PostgreSQL does not have such an Inbuilt functionality for auditing your user transactions.

Most of the Application requires, Database auditing like Who Inserted, When Updated kind of DML Transactions.
Here, I am sharing one demonstration about Trigger Approach, which is not always good, but for specific requirement, we can go with this approach.

I have created separate schema and table to log about DML transactions.
PostgreSQL Database Administrator can use this trigger for security purpose also.

Create a one new Schema:

1	CREATE SCHEMA AuditTable;

Create a new table for Logged Transaction:

CREATE TABLE AuditTable.tbl_LoggedTransactions

(

SchemaName CHARACTER VARYING

,TableName CHARACTER VARYING

,UserName CHARACTER VARYING

,DMLAction CHARACTER VARYING

,OriginalData TEXT

,ExecutedNewData TEXT

,ExecutedSQL TEXT

,RecordDateTime TIMESTAMP WITHOUT TIME ZONE DEFAULT NOW()

);

Revoke all access of newly creatd table from PUBLIC:

1	REVOKE ALL ON AuditTable.tbl_LoggedTransactions FROM public;

Create one trigger function for auditing DML transactions:

CREATE OR REPLACE FUNCTION AuditTable.trg_AuditDML()

RETURNS TRIGGER

AS $BODY$

DECLARE

OldData TEXT;

NewData TEXT;

BEGIN

IF (TG_OP = 'UPDATE') THEN

OldData := ROW(OLD.*);

NewData := ROW(NEW.*);

INSERT INTO AuditTable.tbl_LoggedTransactions

(

SchemaName

,TableName

,UserName

,DMLAction

,OriginalData

,ExecutedNewData

,ExecutedSQL

)

VALUES

(

TG_TABLE_SCHEMA::TEXT

,TG_TABLE_NAME::TEXT

,session_user::TEXT

,substring(TG_OP,1,1)

,OldData

,NewData

,current_query()

);

RETURN NEW;

ELSIF (TG_OP = 'DELETE') THEN

OldData := ROW(OLD.*);

INSERT INTO AuditTable.tbl_LoggedTransactions

(

SchemaName

,TableName

,UserName

,DMLAction

,OriginalData

,ExecutedSQL

)

VALUES

(

TG_TABLE_SCHEMA::TEXT

,TG_TABLE_NAME::TEXT

,session_user::TEXT

,substring(TG_OP,1,1)

,OldData

,current_query()

);

RETURN OLD;

ELSIF (TG_OP = 'INSERT') THEN

NewData := ROW(NEW.*);

INSERT INTO AuditTable.tbl_LoggedTransactions

(

SchemaName

,TableName

,UserName

,DMLAction

,ExecutedNewData

,ExecutedSQL

)

VALUES

(

TG_TABLE_SCHEMA::TEXT

,TG_TABLE_NAME::TEXT

,session_user::TEXT

,substring(TG_OP,1,1)

,NewData

,current_query()

);

RETURN NEW;

ELSE

RAISE WARNING '[AuditTable.trg_AuditDML] - Other action occurred: %, at %',TG_OP,now();

RETURN NULL;

END IF;

END;

$BODY$

LANGUAGE plpgsql;

Create a sample table:

CREATE TABLE public.tbl_Employees

(

EmpID INT

,EmpName CHARACTER VARYING

);

Create trigger on tbl_Employees with the use of trigger function AuditTable.trg_AuditDML:

CREATE TRIGGER trg_tbl_Employees_INSERT_UPDATE_DELETE

AFTER INSERT OR UPDATE OR DELETE ON public.tbl_Employees

FOR EACH ROW EXECUTE PROCEDURE AuditTable.trg_AuditDML();

Execute few sample DMLs:

INSERT INTO tbl_Employees VALUES

(1,'Anvesh'),(2,'Martin'),(3,'Roy')

,(4,'Jeeny'),(5,'Kavita'),(6,'Neevan');

UPDATE tbl_Employees SET EmpName='Mahi'

WHERE EmpID = 5;

DELETE FROM tbl_Employees WHERE EmpID = 4;

Check AuditTable.tbl_LoggedTransactions table for logged DML transaction:

1	SELECT *FROM AuditTable.tbl_LoggedTransactions;

Apr 5, 2017Anvesh Patel

Comments: 4

IDM

March 4, 2018 at 11:55 am

I know this if off topic but I’m looking into starting my
own weblog and was curious what all is required to get setup?
I’m assuming having a blog like yours would cost a pretty penny?
I’m not very internet smart so I’m not 100% positive.

Any suggestions or advice would be greatly appreciated.
Thanks

Reply Cancel

swagat sahoo

September 26, 2018 at 3:28 pm

Hi Anvesh,
I am daily follower of your blogs,
i have a qsn ::::
How can i insert the error information into a log table and at the same time ,
if any invalid data trying to insert or delete or fetching into or from table ,at that time one exception will raise ,that will print you are trying to process invalid data.

Reply Cancel

Anvesh Patel
October 3, 2018 at 7:16 pm
You cant insert error message here, because it logs successful transactions only. For error logs, visit logs folder and there you can do some python script automation.
Reply Cancel

HARIATY

May 13, 2019 at 2:22 am

hi, i try that all, and it’s working. thank you so muchhhhhhhh.
God bless you 🙂

Reply Cancel

PostgreSQL: Create Audit Trigger, for logging or Auditing your Database DML Transactions

Leave a Reply Cancel reply

Anvesh Patel

About Me!

About DBRND !

Recent Comments !

Follow Me !