Extensions

pgaudit — Statement-Level Audit Logging

Enable pgaudit to send compliance-grade audit logs to MonPG Log Insights.

If your buyer's security review asks for "structured audit logging," that's pgaudit. It hooks the executor and writes audit records to stderr for every statement type you classify — READ, WRITE, DDL, FUNCTION, ROLE, MISC. MonPG parses these on the Log Insights page and lets you filter by user, statement_class, command_tag. The point is producing a SOC 2 / HIPAA / PCI-grade audit trail that's actually queryable, not just present.

Enabling

pgaudit is SPL-bound, which means MonPG can't install it for you in hosted onboarding. You enable via your provider's console and restart.

AWS RDS / Aurora

  1. Open the RDS Parameter Group attached to the instance.
  2. Set shared_preload_libraries to include pgaudit (comma-separated with whatever's already there).
  3. Save the Parameter Group. Reboot the DB instance.
  4. Run CREATE EXTENSION pgaudit; on each monitored database.
  5. Set pgaudit.log to the statement classes you want captured — typically write, ddl, role for compliance use cases.

Azure Flexible Server

  1. Server parameters blade → add pgaudit to azure.extensions.
  2. Add pgaudit to shared_preload_libraries. Save.
  3. Restart the server.
  4. CREATE EXTENSION pgaudit; + configure pgaudit.log.

Google Cloud SQL

Set the flag cloudsql.enable_pgaudit=on. Cloud SQL handles the restart. Then CREATE EXTENSION pgaudit;.

Self-hosted

Edit postgresql.conf: shared_preload_libraries = 'pg_stat_statements,pgaudit'. Restart. CREATE EXTENSION pgaudit;. Configure pgaudit.log.

Where it isn't

Heroku doesn't allow pgaudit (not on the extwlist). If audit logging is a hard requirement and you're on Heroku, the answer is "move off Heroku" — sorry.