All posts
September 6, 20252 min read

How to Enable Audit Logs in Postgres When Using Pgcli

I pulled the wrong query from production and saw something I shouldn’t. The data was intact, but the trail to it was gone. No record. No proof. No audit log. That’s when you realize how fragile everything is without clear, accessible, complete audit logs. When working with Postgres, pgcli is often the go-to tool for speed, autocompletion, and syntax highlighting. But there’s a trap here—pgcli is just a client. It doesn’t automatically give you audit logs. Without the right setup, every query y

Free White Paper

Kubernetes Audit Logs + PII in Logs Prevention: The Complete Guide

Architecture patterns, implementation strategies, and security best practices. Delivered to your inbox.

Free. No spam. Unsubscribe anytime.
Andrios Robert

I pulled the wrong query from production and saw something I shouldn’t. The data was intact, but the trail to it was gone. No record. No proof. No audit log.

That’s when you realize how fragile everything is without clear, accessible, complete audit logs.

When working with Postgres, pgcli is often the go-to tool for speed, autocompletion, and syntax highlighting. But there’s a trap here—pgcli is just a client. It doesn’t automatically give you audit logs. Without the right setup, every query you run might disappear into the ether, with no trace for compliance or security review.

Why Audit Logs Matter in Postgres

Audit logs keep track of every action. They’re the single source of truth for what happened, who did it, and when. In Postgres, you can enable logging at the database level with settings like log_statement and log_duration. You can also use the pgaudit extension for a more detailed, structured audit trail. Without these measures, even the best client tool leaves you exposed.

Continue reading? Get the full guide.

Kubernetes Audit Logs + PII in Logs Prevention: Architecture Patterns & Best Practices

Free. No spam. Unsubscribe anytime.

Using Pgcli Without Losing Your Trail

pgcli connects to Postgres over standard protocols. The logs are written by the server, not by pgcli. That means if you want to see what happened in pgcli, you must configure the database to log every query, or set up an external service to capture all activity in real time. Your logs should cover:

  • Connection events
  • DDL changes
  • DML queries
  • Errors and exceptions
  • Account changes and permission updates

How to Enable Database-Level Logging in Postgres

  1. Edit postgresql.conf:
log_statement = 'all'
log_duration = on
  1. Reload Postgres with SELECT pg_reload_conf();
  2. Rotate and secure log files to avoid storage bloat and data leaks.

The Gap Between Logging and Usability

Raw logs are often massive, unreadable, and siloed. Tracking down a single user action can take hours. This is where the real cost is: not just whether you log, but whether you can query and understand those logs instantly.

With modern tooling, you can turn this flood of raw SQL events into live, structured, searchable data. You don’t need to babysit pgcli sessions or guess what queries were run. You just see them, in order, with context.

Hoop.dev makes this happen in minutes. Configure once, connect through pgcli or any client, and watch every query and change appear in a clean, searchable audit log the moment it happens. No digging. No blind spots.

If you want to make sure every pgcli session is traceable, secure, and compliant from the first query to the last disconnect, see it live on hoop.dev—set it up today and get your audit logs right, right now.

Get started

See hoop.dev in action

One gateway for every database, container, and AI agent. Deploy in minutes.

Get a demoMore posts