To enable auditing on an AlloyDB instance, you perform two steps. First, you enable alloydb.enable_pgaudit flag on the instance. Then, you connect to the cluster's primary instance and create the pgaudit extension in the databases.
- Enable pgAudit on the instance:
Console
- In the Google Cloud console, go to the Clusters page.
- Click a cluster in the Resource Name column.
- In the Overview page, go to Instances in your cluster, select an instance, and then click Edit.
- Add the
alloydb.enable_pgaudit
flag on your instance:- Click Add flag.
- Select the
alloydb.enable_pgaudit
flag from the New database flag list. - Select on from the Value list.
- Click Done.
- Click Update instance.
gcloud
Enable pgAudit on an instance by setting that instance's
alloydb.enable_pgaudit
flag toon
. For more information on setting an instance's database flags using the Google Cloud CLI, see Configure an instance's database flags.Note that AlloyDB automatically restarts the instance after you update this flag.
- Connect to the primary instance and create the extension in each database.
You must perform the following steps on the primary instance even if you are
enabling auditing on a read pool instance:
- Connect a psql client to the cluster's primary instance, as described in Connect a psql client to an instance.
- At the psql command prompt, connect to the database and create the extension:
\c DB_NAME CREATE EXTENSION IF NOT EXISTS pgaudit;
- Repeat the previous two steps to connect to other databases and create the extension in each one of them.