DataSunrise Achieves AWS DevOps Competency Status in AWS DevSecOps and Monitoring, Logging, Performance

PostgreSQL Database Activity Monitoring Requirements

Introduction

PostgreSQL processes over 10,000 transactions per second in high-load environments. Each transaction requires careful monitoring. A recent study shows that 60% of database breaches occur due to insufficient monitoring (a statistics from Verizon DBIR, 2023). Let’s explore how to implement comprehensive PostgreSQL database activity monitoring and data auditing.

Understanding Access and Authentication Monitoring

PostgreSQL provides robust tools for tracking user access. Here’s how to implement essential authentication monitoring:

-- Monitor active sessions
SELECT pid, usename, application_name, client_addr, 
       backend_start, state, query
FROM pg_stat_activity;

Pg_stat_activity contains all the active and idle sessions at the moment:

Monitor user sessions duration as follows:

SELECT usename, count(*), 
       avg(extract(epoch from now() - backend_start))::integer 
FROM pg_stat_activity 
GROUP BY usename;

Data Modification Tracking

Monitoring data changes helps detect unauthorized modifications. Implement these tracking mechanisms:

Create an audit trigger function

CREATE OR REPLACE FUNCTION audit_trigger_func() 
RETURNS trigger AS $$
BEGIN
    INSERT INTO audit_log(
        table_name, action, user_name, 
        changed_fields, row_data
    )
    VALUES (
        TG_TABLE_NAME, TG_OP, current_user,
        row_to_json(NEW), row_to_json(OLD)
    );
    RETURN NEW;
END;
$$ LANGUAGE plpgsql;

Apply trigger to sensitive tables

CREATE TRIGGER audit_trigger
AFTER INSERT OR UPDATE OR DELETE ON sensitive_table
FOR EACH ROW EXECUTE FUNCTION audit_trigger_func();

Before implementing the audit trigger, replace ‘sensitive_table’ with the actual name of the table you want to monitor. While triggers provide a straightforward approach to auditing, they can impact performance on high-load systems and may require additional maintenance. Consider using dedicated audit logging solutions like pgAudit for production environments.

Security Configuration Monitoring

Track security-related changes with these queries:

1. Monitor role changes

SELECT rolname, rolsuper, rolcreaterole, 
       rolcreatedb, rolcanlogin
FROM pg_roles;

This may return the access matrix like this for our local PostgreSQL:

2. Track permission changes.

SELECT grantor, grantee, table_schema, 
       table_name, privilege_type
FROM information_schema.role_table_grants;

3. Check current security settings.

SHOW all;

Backup and Recovery Operations

Implement backup monitoring with these approaches:

-- Track WAL (Write-Ahead Log) status
SELECT * FROM pg_stat_wal;

-- Monitor backup history
SELECT start_time, end_time, 
       success, database_name
FROM pg_backup_history;

-- Check replication status
SELECT * FROM pg_stat_replication;

Query Activity Monitoring

Track query performance and patterns:

-- Enable query tracking
CREATE EXTENSION pg_stat_statements;

-- Monitor long-running queries
SELECT pid, age(clock_timestamp(), query_start), 
       usename, query 
FROM pg_stat_activity 
WHERE state != 'idle' 
AND query_start < now() - interval '5 minutes';

-- Analyze query patterns
SELECT query, calls, total_time, rows, 
       mean_time
FROM pg_stat_statements 
ORDER BY total_time DESC;

System Event Monitoring

Track critical system events:

-- Monitor database statistics (backend, transaction summary)
SELECT datname, numbackends, xact_commit, 
       xact_rollback, blks_read, blks_hit
FROM pg_stat_database;

This results in the output as follows:

You may find some rolled back transactions (118 in this case).

-- Check table statistics
SELECT schemaname, relname, seq_scan, 
       seq_tup_read, idx_scan
FROM pg_stat_user_tables;

This query helps you understand how efficiently your tables are being accessed. By looking at the frequency of sequential scans versus index scans, you can spot performance issues, such as tables being scanned without using available indexes, which may signal a need for better indexing or query optimization.

-- Monitor lock conflicts
SELECT blocked_locks.pid AS blocked_pid,
       blocked_activity.usename AS blocked_user,
       blocking_locks.pid AS blocking_pid,
       blocking_activity.usename AS blocking_user
FROM pg_locks blocked_locks
JOIN pg_locks blocking_locks
  ON blocked_locks.locktype = blocking_locks.locktype
  AND blocked_locks.locktype = 'transactionid'
  AND blocked_locks.transactionid = blocking_locks.transactionid
JOIN pg_stat_activity blocked_activity 
  ON blocked_locks.pid = blocked_activity.pid
JOIN pg_stat_activity blocking_activity 
  ON blocking_locks.pid = blocking_activity.pid
WHERE blocked_locks.granted = FALSE
  AND blocking_locks.granted = TRUE;

DataSunrise for PostgreSQL Database Activity Monitoring

DataSunrise elevates database activity monitoring by providing robust security features in a consistent manner across dozens of supported databases. It offers five flexible deployment modes, allowing you to balance database latency, feature sets, and the impact on existing infrastructure.

The dashboard offers a comprehensive view of key information about the databases under protection and monitoring:

All the databases protected listed in the Databases page with their network parameters:

Finally, all monitored events are presented in a consistent format for all databases, conveniently displayed in one place:

Beyond monitoring, DataSunrise delivers advanced data security, sensitive data discovery, automated compliance reporting, and data masking. Our user-friendly, web-based interface includes an AI-driven assistant, enabling quick access to guides and reference materials for seamless product use.

Summary and Conclusions

Effective PostgreSQL monitoring requires a comprehensive approach covering all aspects of database operations. Regular monitoring helps maintain security, performance, and reliability of your database systems.

DataSunrise PostgreSQL Security Solution

DataSunrise provides specialized tools for PostgreSQL monitoring and security. Our solution offers real-time activity monitoring, compliance reporting, and advanced security features designed specifically for PostgreSQL databases.

Experience the power of DataSunrise’s PostgreSQL security tools. Visit our website to schedule an online demo and discover how we can enhance your database security infrastructure.

Next

Data Audit for Snowflake

Learn More

Need Our Support Team Help?

Our experts will be glad to answer your questions.

General information:
[email protected]
Customer Service and Technical Support:
support.datasunrise.com
Partnership and Alliance Inquiries:
[email protected]