Auditing
Crunchy Bridge has two types of audit logs to help with compliance:
- Account-level audit logs for crunchybridge.com
- Database-level audit logs via pgAudit, which is enabled by default
Account-level auditing
All primary actions against a team and Postgres instance within Crunchy Bridge are automatically audited. Audited events include:
- Provisioning and deprovisioning
- Resizing instances
- Upgrading Postgres
- Logging into Crunchy Bridge
- Inviting others to a team
- Creating and removing log destinations
- Creating and removing firewall rules
- Viewing database connection credentials
You can view audit logs for all of a Team’s clusters under the Settings tab at the Team level. Audit logs for a single cluster are also visible in the Settings tab at the cluster level. You can also retrieve audit logs using the api.
Database-level auditing
In addition to account-level audit logs, Crunchy Bridge provides auditing of database roles and activities using pgAudit, which is the same tooling used to ensure CIS Benchmark compliance for PostgreSQL. Auditing of all commands for your database is enabled by default for the postgres
user role and individual user accounts for Crunchy Bridge.
ℹ️ Info
The application user for your database will not have auditing enabled by default. This is to reduce verbosity. However, you can enable it with thepostgres
role. See user management for more details.
Customizing Postgres auditing
By default, pgAudit is configured to log all commands run by the specified users. You can customize the level of auditing for a specific role by executing ALTER ROLE
and setting the desired log level.
Log retention and formatting
Crunchy Bridge retains a small portion of recent logs. These are available through the CLI with the cb logs
. For longer-term retention we recommend sending your logs to a third party logging provider.
Audit logs are tagged with a log_parameter
prefix so you can search and filter these from other log content. The default is <not logged>
but you can customize this and other formatting options.