Database Audit Logger
This skill provides automated assistance for database audit logger tasks.
Prerequisites
Before using this skill, ensure:
- •Database credentials with CREATE TABLE and CREATE TRIGGER permissions
- •Understanding of compliance requirements (GDPR, HIPAA, SOX, PCI-DSS)
- •Sufficient storage for audit logs (estimate 10-30% of data size)
- •Decision on audit log retention period
- •Access to database documentation for table schemas
- •Monitoring tools configured for audit log analysis
Instructions
Step 1: Define Audit Requirements
- •Identify tables requiring audit logging based on compliance needs
- •Determine events to audit (INSERT, UPDATE, DELETE, SELECT for sensitive data)
- •Define which columns contain sensitive data requiring audit
- •Document retention requirements for audit logs
- •Identify users/roles whose actions need auditing
Step 2: Choose Audit Strategy
- •Trigger-Based Auditing: Best for comprehensive row-level tracking
- •Pros: Automatic, no application changes, captures all changes
- •Cons: Performance overhead, complex trigger maintenance
- •Application-Level Auditing: Best for selective auditing
- •Pros: Flexible, lower database overhead, easier debugging
- •Cons: Requires application changes, can miss direct database changes
- •Change Data Capture (CDC): Best for real-time streaming
- •Pros: Minimal performance impact, real-time analysis, external processing
- •Cons: Complex setup, requires CDC infrastructure
- •Native Database Logs: Best for general monitoring
- •Pros: No setup, captures everything, built-in
- •Cons: High volume, limited retention, difficult to query
Step 3: Design Audit Table Schema
- •Create audit log table with these core columns:
- •audit_id (primary key), table_name, action (INSERT/UPDATE/DELETE)
- •record_id (reference to audited record), old_values (JSON), new_values (JSON)
- •changed_by (user), changed_at (timestamp), client_ip, application_context
- •Add indexes on table_name, changed_at, changed_by for query performance
- •Partition audit table by date for efficient archival
- •Configure tablespace for audit logs separate from primary data
Step 4: Implement Audit Mechanism
- •For trigger-based: Create AFTER INSERT/UPDATE/DELETE triggers on each table
- •Capture old and new row values as JSON in trigger body
- •Record user context (CURRENT_USER, application user, IP address)
- •Handle trigger failures gracefully (log but don't block operations)
- •Test triggers with sample data modifications
Step 5: Configure Audit Log Management
- •Set up automated archival of old audit logs to cold storage
- •Implement audit log analysis queries for common compliance reports
- •Create alerts for suspicious activities (bulk deletes, off-hours changes)
- •Document audit log query procedures for compliance auditors
- •Schedule periodic audit log reviews with security team
Step 6: Validate Audit Implementation
- •Perform test operations on audited tables
- •Verify audit log entries are created with complete data
- •Test audit log queries for performance
- •Confirm audit logs cannot be modified by regular users
- •Document audit implementation for compliance documentation
Output
This skill produces:
Audit Table Schema: SQL DDL for audit log table with proper indexes and partitioning
Audit Triggers: Database triggers for automatic audit log population on data changes
Audit Log Queries: Pre-built SQL queries for compliance reports and change tracking
Implementation Documentation: Configuration details, trigger logic, and maintenance procedures
Compliance Report Templates: SQL queries for GDPR access logs, SOX change reports, etc.
Error Handling
Trigger Performance Issues:
- •Audit only critical tables, not all tables
- •Use asynchronous audit logging with queue systems
- •Batch audit log inserts instead of individual inserts
- •Monitor trigger execution time and optimize trigger logic
Audit Table Growth:
- •Implement automated archival of audit logs older than retention period
- •Partition audit table by month or quarter
- •Compress old audit log partitions
- •Move historical audit logs to cheaper storage tiers
Missing Audit Context:
- •Set application context in database session before operations
- •Use database session variables to pass user identity
- •Implement connection pooling with session initialization
- •Log application user separately from database user
Permission Issues:
- •Ensure audit log table is writable by trigger execution context
- •Grant INSERT on audit table to all database users
- •Protect audit table from modifications (no UPDATE/DELETE grants)
- •Use separate schema for audit tables with restricted access
Resources
Audit Table Templates:
- •PostgreSQL audit trigger:
{baseDir}/templates/postgresql-audit-trigger.sql - •MySQL audit trigger:
{baseDir}/templates/mysql-audit-trigger.sql - •Audit table schema:
{baseDir}/templates/audit-table-schema.sql
Compliance Report Queries: {baseDir}/queries/compliance-reports/
- •GDPR data access report
- •SOX change audit report
- •User activity summary
- •Suspicious activity detection
Audit Strategy Guide: {baseDir}/docs/audit-strategy-selection.md
Performance Tuning: {baseDir}/docs/audit-performance-optimization.md
Archival Procedures: {baseDir}/scripts/audit-archival.sh
Overview
This skill provides automated assistance for the described functionality.
Examples
Example usage patterns will be demonstrated in context.