View audit logs generated by pgAudit for AlloyDB for PostgreSQL
Stay organized with collections
Save and categorize content based on your preferences.
This page describes how to view the audit logs generated by pgAudit, which
helps you to configure logs that are often required to comply with government,
financial, and ISO certifications. This page also describes the log format for
pgAudit. For more information about pgAudit, see
About pgAudit.
Each pgAudit log entry in the Data Access audit logs
contains fields that represent the information collected for a query. For more
information about these log entry fields, see the
pgAudit documentation.
The following are descriptions of the fields in the Data Access audit logs:
auditClass. The type of the statement that is logged. Possible values are READ,
WRITE, FUNCTION, ROLE, DDL, MISC, and MISC_SET.
auditType. SESSION or OBJECT.
chunkCount. Chunking can occur on the data provided in the
parameter and statement fields. The chunkCount
field indicates the total number of chunks. Also see the description of the
chunkIndex field.
chunkIndex. Specifies the index number of the data chunks in the
parameter and statement fields in the current
request container. The initial number is 1.
Also see the description of the chunkCount field.
command. For example, ALTER TABLE or SELECT.
parameter. The chunkIndex field can determine the
contents of this field; see the description of the chunkIndex
field.
If the value for `pgaudit.log_parameter` is set, the parameter
field can contain the statement parameters as quoted CSV data.
If there are no parameters, this field contains [none].
Otherwise, this field contains [not logged].
statement. Statement that is executed on the backend.
The chunkIndex field can determine the contents
of the statement field; see the description of the
chunkIndex field.
statementId. Unique statement ID for this session. Each statement ID
represents a backend call. Statement IDs are sequential, even if some statements
are not logged.
substatementId. Sequential ID for each sub-statement within the main
statement.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[[["\u003cp\u003eThis page details how to view pgAudit logs, which are essential for compliance with government, financial, and ISO certifications.\u003c/p\u003e\n"],["\u003cp\u003eViewing pgAudit logs requires enabling Data Access audit logs and having the Private Logs Viewer role within your AlloyDB project.\u003c/p\u003e\n"],["\u003cp\u003epgAudit logs are accessible in Cloud Logging as Data Access audit logs via the Logs Explorer, by selecting the \u003ccode\u003ecloudaudit.googleapis.com/data_access\u003c/code\u003e log filter.\u003c/p\u003e\n"],["\u003cp\u003eAn advanced query can be used to view all pgAudit logs for an AlloyDB project, by applying specific parameters to the \u003ccode\u003eresource.type\u003c/code\u003e, \u003ccode\u003elogName\u003c/code\u003e, and \u003ccode\u003eprotoPayload.request.@type\u003c/code\u003e fields.\u003c/p\u003e\n"],["\u003cp\u003eEach pgAudit log entry in Data Access audit logs contains fields like \u003ccode\u003eauditClass\u003c/code\u003e, \u003ccode\u003eauditType\u003c/code\u003e, \u003ccode\u003ecommand\u003c/code\u003e, \u003ccode\u003estatement\u003c/code\u003e, and more, which provide detailed information about a given query.\u003c/p\u003e\n"]]],[],null,["# View audit logs generated by pgAudit for AlloyDB for PostgreSQL\n\nThis page describes how to view the audit logs generated by pgAudit, which\nhelps you to configure logs that are often required to comply with government,\nfinancial, and ISO certifications. This page also describes the log format for\npgAudit. For more information about pgAudit, see\n[About pgAudit](/alloydb/docs/pgaudit/about).\n\nBefore you begin\n----------------\n\nTo view audit logs, you must do the following:\n\n- [Enable Data Access audit logs](/logging/docs/audit/configure-data-access)\n for your AlloyDBproject.\n\n- Ensure that you have the\n [Private Logs Viewer](/logging/docs/access-control#logging.privateLogViewer)\n (`roles/logging.privateLogViewer`) role.\n\nView audit logs\n---------------\n\nThe generated pgAudit logs for a given instance are sent to Cloud Logging as\n[Data Access audit logs](/logging/docs/audit#data-access).\n\nYou can view the generated pgAudit logs by using the\n[Logs Explorer](/logging/docs/view/overview) application.\n\nTo view the pgAudit logs, select the `cloudaudit.googleapis.com/data_access`\nlog filter in the [Logs Explorer](/logging/docs/view/overview) application.\n\nTo view all pgAudit logs for\nan AlloyDB project, execute the following query by using the\n[Advanced Filter](/logging/docs/view/advanced-queries) interface: \n\n```\nresource.type=\"alloydb.googleapis.com/Instance\"\nlogName=\"projects/your-project-name/logs/cloudaudit.googleapis.com%2Fdata_access\"\nprotoPayload.request.@type=\"type.googleapis.com/google.cloud.alloydb.audit.v1.PgAuditEntry\"\n```\n\nLog format for pgAudit\n----------------------\n\nEach pgAudit log entry in the [Data Access audit logs](/logging/docs/audit#data-access)\ncontains fields that represent the information collected for a query. For more\ninformation about these log entry fields, see the\n[pgAudit documentation](https://github.com/pgaudit/pgaudit/blob/master/README.md#format).\n\nSample pgAudit log entry: \n\n```\n{\n protoPayload: {\n @type: \"type.googleapis.com/google.cloud.audit.AuditLog\"\n methodName: \"alloydb.instances.query\"\n request: {\n @type: \"type.googleapis.com/google.cloud.alloydb.audit.v1.PgAuditEntry\"\n auditClass: \"READ\"\n auditType: \"SESSION\"\n chunkCount: \"1\"\n chunkIndex: \"1\"\n command: \"SELECT\"\n database: \"finance\"\n databaseSessionId: 2209692\n parameter: \"[not logged]\"\n statement: \"SELECT * FROM revenue\"\n statementId: 2\n substatementId: 1\n user: \"alice\"\n }\n }\n}\n```\n\nThe following are descriptions of the fields in the Data Access audit logs:\n\n- **auditClass.** The type of the statement that is logged. Possible values are READ, WRITE, FUNCTION, ROLE, DDL, MISC, and MISC_SET.\n- **auditType.** SESSION or OBJECT.\n- **chunkCount.** Chunking can occur on the data provided in the `parameter` and `statement` fields. The `chunkCount` field indicates the total number of chunks. Also see the description of the `chunkIndex` field.\n- **chunkIndex.** Specifies the index number of the data chunks in the `parameter` and `statement` fields in the current `request` container. The initial number is `1`. Also see the description of the `chunkCount` field.\n- **command.** For example, ALTER TABLE or SELECT.\n- **parameter.** The `chunkIndex` field can determine the contents of this field; see the description of the `chunkIndex` field. If the value for \\`pgaudit.log_parameter\\` is set, the `parameter` field can contain the statement parameters as quoted CSV data. If there are no parameters, this field contains `[none]`. Otherwise, this field contains `[not logged]`.\n- **statement.** Statement that is executed on the backend. The `chunkIndex` field can determine the contents of the `statement` field; see the description of the `chunkIndex` field.\n- **statementId.** Unique statement ID for this session. Each statement ID represents a backend call. Statement IDs are sequential, even if some statements are not logged.\n- **substatementId.** Sequential ID for each sub-statement within the main statement.\n\nWhat's next\n-----------\n\n- [Disable pgAudit](/alloydb/docs/pgaudit/disable-audit)."]]