All posts
August 25, 20222 min read

Auditing pgcli: Streamlining Command-Line Insights for PostgreSQL

PostgreSQL's flexibility and powerful querying capabilities have made it a favorite database for countless applications. Many developers and database administrators rely on pgcli, a command-line interface for PostgreSQL, known for its auto-completion and syntax highlighting. But as helpful as pgcli can be for day-to-day database management, it’s less equipped for keeping a detailed log of what happens during your sessions. That’s where auditing comes into the picture. Auditing pgcli allows team

Free White Paper

PostgreSQL Access Control + GCP Security Command Center: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

PostgreSQL's flexibility and powerful querying capabilities have made it a favorite database for countless applications. Many developers and database administrators rely on pgcli, a command-line interface for PostgreSQL, known for its auto-completion and syntax highlighting. But as helpful as pgcli can be for day-to-day database management, it’s less equipped for keeping a detailed log of what happens during your sessions. That’s where auditing comes into the picture.

Auditing pgcli allows teams to trace actions, debug issues, and improve accountability by tracking queries and command usage. This blog post will break down the "what,""why,"and "how"of auditing pgcli in a simple yet effective way.

What Does Auditing Mean in the Context of pgcli?

Auditing pgcli is about systematically recording commands and activities executed during a session. This includes identifying who issued a query, what was run, and the timestamp of the action. Such logs provide critical insights when investigating database issues, reviewing system usage, or adhering to compliance standards.

However, pgcli itself doesn’t provide built-in tools for auditing. To enable logging, you’ll need to pair it with external tools or configurations that capture activity on your PostgreSQL database.

Why Should You Audit pgcli?

Auditing pgcli can benefit teams in several key ways:

  1. Accountability
    Logs help identify who ran specific queries, especially in shared or multi-user environments.
  2. Debugging and Optimizations
    Capture the exact sequence of commands leading up to errors or poor performance, helping you pinpoint pain points.
  3. Compliance
    Meet company, legal, or industry regulations by maintaining an audit trail of database access and changes.
  4. Improved Visibility
    Gain insights into query patterns, usage trends, and possibly detect misuse or anomalies in how the database is accessed.

How to Enable Logging for pgcli

While pgcli doesn’t natively offer an audit or logging feature, PostgreSQL itself provides robust logging options that serve as the foundation for auditing. Here’s how you can enable logging alongside pgcli:

Continue reading? Get the full guide.

PostgreSQL Access Control + GCP Security Command Center: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

1. Configure PostgreSQL Logging

Modify your postgresql.conf file to enable query logging:

log_statement = 'all' 
log_connections = on
log_disconnections = on

Restart your PostgreSQL instance for the changes to take effect. Once enabled, all queries, including those executed via pgcli, will be logged to your database log files.

2. Parse Logs with Automated Tools

PostgreSQL logs can quickly grow large and difficult to read. Tools like pgBadger can help parse and make sense of these logs. You can ship these parsed logs into services like ELK (Elasticsearch, Logstash, Kibana) for dashboards and analysis.

3. Audit Specific Roles or Tables

If you need finer control, PostgreSQL’s pgAudit extension provides detailed logging for specific queries (e.g., SELECT, INSERT) or database roles. Install and enable the extension:

CREATE EXTENSION pgaudit;

Configure your audit settings in the postgresql.conf:

pgaudit.log = 'read, write' 
pgaudit.log_relation = 'on'

With this setup, even complex sessions in pgcli are tracked at the level of roles and tables.

Best Practices for pgcli Auditing

  1. Separate Audit Logging from Core Functionality
    Use a dedicated logging location or log pipeline to separate database logs from operations-critical functionality.
  2. Limit Log Retention
    Log files grow quickly, especially when capturing all queries. Implement log rotation or automatic cleanup scripts.
  3. Leverage Visualizations
    Tools like Hoop.dev simplify turning raw SQL activity into actionable insights. By visualizing logs or audit trails, you can identify trends and anomalies in seconds.
  4. Regularly Review Logs
    Don’t let logs collect dust. Periodic log reviews can uncover hidden issues, inefficiencies, or potential security vulnerabilities.

Auditing Data in Hours, Not Days

Setting up an auditing pipeline for pgcli can seem overwhelming with the different tools and configurations involved. That’s where Hoop.dev shines. Hoop.dev integrates seamlessly with PostgreSQL, offering near-real-time insights from your database queries. You’ll know who ran what, when, and how impactful those actions were—without having to parse through enormous raw logs.

See how Hoop.dev provides visibility into your auditing journey in just a few clicks—visual dashboards included. Try it out and get started in minutes.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts