Version 4.1

Auditing and Traceability

Auditing on the PostgreSYS platform is based on full traceability of all operations performed by the infrastructure and management components.

The PgSmart event logging mechanism was designed to provide technical evidence regarding the use of PgSmart Agent and PgSmart CLI, enabling incident reconstruction, forensic analysis and verification of operational compliance.

Audit Artifacts (Logs)

Operations performed — from package installation to the execution of backups and configuration changes — are recorded locally on the servers.

Log File Locations

The table below details the default locations of log artifacts generated by command-line components and execution agents:

| Component | Default Directory | Main Log File | Audit Scope |
|---|---|---|---|
| PgSmart Agent | /var/log/pgsmart-agent | pgsmart.log | Records remotely requested task execution, service status and interactions with the OS. |
| PgSmart CLI | /var/log/pgsmart-client | pgsmart.log | Records commands issued by the operator, input parameters and API responses. |

Important

For security auditing purposes, access to these directories should be restricted to administrative users only (root or specific sudoers), ensuring the integrity of the records.
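
One way to verify this restriction on a host, as an added example that is not part of the PgSmart documentation or tooling. The policy it checks (owner root, no access for other users, no group write) is an assumption, the function names are hypothetical, and it requires GNU stat:

```shell
#!/bin/sh
# Added example (not PgSmart code): audit permissions on the PgSmart log directories.
# Assumed policy: owner is root, "other" has no access, group cannot write.
# Requires GNU stat (Linux).

# check_log_path PATH [OWNER] -> 0 if PATH meets the policy, 1 otherwise.
check_log_path() {
    path=$1; want_owner=${2:-root}; rc=0
    [ -e "$path" ] || { echo "MISSING $path"; return 1; }
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")          # e.g. 750, or 2750 with setgid
    other=${mode#"${mode%?}"}             # last octal digit: permissions for "other"
    rest=${mode%?}
    group=${rest#"${rest%?}"}             # second-to-last digit: group permissions
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL $path: owner $owner, expected $want_owner"; rc=1
    fi
    if [ "${other:-0}" -ne 0 ]; then
        echo "FAIL $path: mode $mode grants access to other users"; rc=1
    fi
    if [ $(( ${group:-0} & 2 )) -ne 0 ]; then
        echo "FAIL $path: mode $mode is group-writable"; rc=1
    fi
    return $rc
}

# audit_log_dir DIR [OWNER] -> checks DIR and every regular file directly inside it
# (pgsmart.log and any rotated files).
audit_log_dir() {
    dir=$1; dir_owner=${2:-root}; dir_rc=0
    check_log_path "$dir" "$dir_owner" || dir_rc=1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        check_log_path "$f" "$dir_owner" || dir_rc=1
    done
    return $dir_rc
}

# Usage: sh audit-pgsmart-logs.sh /var/log/pgsmart-agent /var/log/pgsmart-client
if [ "$#" -gt 0 ]; then
    status=0
    for d in "$@"; do audit_log_dir "$d" || status=1; done
    exit $status
fi
```

A non-zero exit status means at least one directory or log file deviates from the assumed policy, which makes the script suitable for a scheduled compliance check.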

Info

To audit operations in the Web Interface, refer to the documentation: Auditing and Traceability on PgSmart Web.

Audit Level Configuration

The amount of detail recorded is controlled by specific parameters, allowing the configuration of logging granularity according to the organization’s security policy.

To configure these parameters, refer to: PgSmart CLI Parameter Configuration.

1. Detail Level (log_detail)

Defines the technical depth of information recorded for each event:

  • Normal: Records the event, its initiator (if applicable), timestamp and operation result. Ideal for standard operational auditing.
  • Context: Adds information about where the message (info, warning, etc.) was generated, using the following format: <function name> (<absolute file path>:<line>:<column>). Useful for advanced diagnostics.
  • Stack: Records the full stack trace in case of exceptions. Recommended only for development or deep debugging.

2. Command Traceability (log_command_history)

This is the most critical parameter for security audits.

  • When enabled, PgSmart records the exact history of Operating System (OS) commands orchestrated by the tool.
  • This allows auditing of every instruction executed in the Linux shell, ensuring full transparency of automation actions.

3. Module Scope (log_debug)

Allows filtering logging for specific namespaces (e.g.: pgsmart.services.backup, pgsmart.api.install), focusing analysis on critical components when necessary.

Retention Policy (Log Rotation)

To ensure the availability of audit logs over time and avoid disk space exhaustion, the platform implements configurable automatic rotation policies:

  • Time-based Rotation (log_rotation_age): Defines the temporal lifecycle of the active log file (e.g., daily, weekly). Ensures time-segmented auditing.
  • Size-based Rotation (log_rotation_size): Defines the physical size limit for the file (e.g., 10MB). Ensures predictable storage usage.

Audit Recommendation

For production environments subject to compliance regulations (like LGPD[1]), set log_rotation_age to 1d (daily) and ensure rotated files are archived on a centralized logging server or SIEM[2] solution.

Access and Analysis

Access to audit logs is performed directly on the host server’s filesystem. This ensures that, even in case of application failure, the records remain accessible via terminal.

Footnotes

  1. LGPD (Lei Geral de Proteção de Dados Pessoais) is the Brazilian Federal Law (13.709/2018) that regulates the processing of personal data in physical and digital media. It requires the adoption of security measures (including the protection and retention of audit logs) to ensure compliance and accountability.

  2. SIEM (Security Information and Event Management) is a technology solution for automated log collection and intelligent correlation. It is widely adopted to support security controls such as PCI-DSS Requirement 10 (traceability and access monitoring) and ISO 27001 log retention controls, and helps in compliance with LGPD and GDPR (European data protection regulation).