To enable auditing on an AlloyDB instance, you perform two steps. First, you enable alloydb.enable_pgaudit flag on the instance. Then, you connect to the cluster's primary instance and create the pgaudit extension in the databases.
- Enable pgAudit on the instance:
- In the Google Cloud console, go to the Clusters page.
- Click a cluster in the Resource Name column.
- In the Overview page, go to Instances in your cluster, select an instance, and then click Edit.
- Add the
alloydb.enable_pgauditflag on your instance:
- Click Add flag.
- Select the
alloydb.enable_pgauditflag from the New database flag list.
- Select on from the Value list.
- Click Done.
- Click Update instance.
gcloud beta alloydb instances update INSTANCE_NAME \ --database-flags alloydb.enable_pgaudit=on\ --region=REGION_ID \ --cluster=CLUSTER_ID \ --project=PROJECT_ID
- INSTANCE_NAME: The name of the instance.
- REGION_ID: The region where the instance is present.
- CLUSTER_ID: The ID of the cluster where the instance is present.
- PROJECT_ID: The ID of the project where the cluster is present.
- Connect to the primary instance and create the extension in each database.
You must perform the following steps on the primary instance even if you are
enabling auditing on a read pool instance:
- Connect a psql client to the cluster's primary instance, as described in Connect a psql client to an instance.
- At the psql command prompt, connect to the database and create the extension:
\c DB_NAME CREATE EXTENSION IF NOT EXISTS pgaudit;
- Repeat the previous two steps to connect to other databases and create the extension in each one of them.