PostgreSQL Data
- To utilize the postgresql, ensure that the database server is configured to log DDL (Data Definition Language) command activities, privileged activities, and database authentication events.
The Cyences app supports following data collection mechanisms:
1. Auditing user and login activity using Splunk DB Connect app
App Installation
| App | Search Head | Indexer | Heavy Forwarder | UF / Deployment Server | Additional Details |
|---|---|---|---|---|---|
| Splunk DB Connect | - | - | Required | - | Make sure to use postgres:audit:user and postgres:audit:login sourcetypes based on table when configuring the data input. |
| Splunk DBX Add-on for Postgres JDBC | - | - | Required | - | This addon is DB Connect App’s requirement for database driver availability of PostgreSQL. |
- Details needed from DBA Team:
- IP Address or FQDN of DB server
- Port number for DB server
- DB table names where login and user activity audited
- Username & Password - Should have Readonly access to the Audit Trail Table
- Default database name and Database name
- Timezone on the database server
Estimated Data Size
The license usage is based on the audit policy and database usage of your environment.