Getting started
Getting started with CipherStash Audit
CipherStash Audit enables SQL statement and data access logging for PostgreSQL databases. This tutorial walks you through how to get started with Audit. You will:
- Install the prerequisites
- Enable audit logging for a PostgreSQL database
- View audit logs in the CipherStash Console
At the end of the guide, you will have enabled audit logging for your PostgreSQL database and be able to view the logs in the CipherStash Console.
Installing prerequisites
This guide assumes you have a CipherStash account, CipherStash Proxy running, the CipherStash CLI, and a PostgreSQL database. If you haven't already, follow the Getting started with CipherStash Proxy guide, and/or create a CipherStash account by visiting https://console.cipherstash.com/.
PostgreSQL
CipherStash CLI
Enabling audit logging
To enable audit logging, you need to configure the CipherStash Proxy to start collecting logs and sending them to the CipherStash API.
Step 1: Configure CipherStash Proxy
CipherStash Proxy can be configured using a configuration file or environment variables. Use the following settings:
1username = "username"
2password = "password"
3
4workspace_id = "workspace_id"
5client_access_key = "client_access_key"
6
7query_logging = true
8
9[audit]
10mode = audit
11
12[database]
13name = "database_name"
14username = "database_username"
15host = "localhost"
16port = 5432
17
Step 2: Restart CipherStash Proxy
After updating the configuration file, restart CipherStash Proxy to apply the changes. Depending on how you have the proxy running, you may need to restart the Docker container or the service.
Step 3: Verify the logs are being sent
To verify that the logs are being sent to the CipherStash API, you can check the logs in the CipherStash Console either under the Statement Logs
or Data Access Logs
sections.
Viewing audit logs
Once you have enabled audit logging, you can view the logs in the CipherStash Console!
If you have any feedback on what type of visualizations or aggregations you'd like to see, let us know by emailing our Director of Solutions Engineering, CJ Brewer.