Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)
Workload misconfigurations
Ensure the PostgreSQL Audit Extension (pgAudit) is enabled (Automated)
Risk Level
Informational (4)
Platform(s)
Description
Basic statement logging can be provided by the standard logging facility with log_statement = all. This is acceptable for monitoring and other uses but does not provide the level of detail generally required for an audit. It is not enough to have a list of all the operations performed against the database, it must also be possible to find particular statements that are of interest to an auditor.