Database Audit Logs
Who queried what.
Overview
Database audit logs record every database access for compliance and security investigation. Encryption protects data at rest; audit logs answer "who accessed it", which is what compliance frameworks and breach investigations actually need.
- Who queried what. A per-user, per-query audit trail provides forensic evidence that the live data itself does not retain.
- Engine-native. pgaudit (Postgres), MySQL Enterprise Audit, Oracle Audit; matches the engine and produces high-fidelity logs.
- Per-action filtering. SELECT vs DML vs DDL; supports targeted alerting and reduces volume.
- Tamper-resistant storage plus retention. Writing audit logs to separate storage supports compliance; retention windows set per regulation match audit requirements.
The approach
The practical approach: engine-native auditing, separate tamper-resistant storage, anomaly alerting on access patterns, per-action filtering for volume control, and a documented per-table policy. The team’s discipline produces real audit capability rather than logs nobody reads.
- Engine-native auditing. pgaudit for Postgres, etc.; the database knows the schema and produces accurate logs.
- Separate storage. Audit logs in different storage from app data; reduces tampering risk.
- Anomaly alerting. Unusual access patterns trigger alerts; supports investigation by surfacing the anomaly.
- Per-action filtering plus documented policy. Target high-value actions to reduce volume; per-table audit configuration committed for compliance.
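The per-action filtering and anomaly alerting described above, as an added example (not code from this page or from the pgaudit project). It parses pgaudit session entries and alerts on watched user/class/table combinations that a baseline window never showed. The `log_line_prefix` value, the `POLICY` table, the role names, and all log lines are assumptions constructed for illustration.

```python
import csv
import re
# pgaudit's documented field order for the text after "AUDIT: ".
FIELDS = ["audit_type", "statement_id", "substatement_id", "class", "command",
          "object_type", "object_name", "statement", "parameter"]
# Assumption: log_line_prefix = '%m %u@%d ' so each line carries user and database.
LINE_RE = re.compile(r"^(\S+ \S+ \S+) ([^@\s]+)@(\S+) LOG:\s+AUDIT: (.*)$")
# Hypothetical per-table policy: pgaudit classes worth alerting on per table.
POLICY = {"public.customers": {"READ", "WRITE"}, "public.orders": {"WRITE"}}
ALWAYS_ALERT = {"DDL", "ROLE"}  # schema and privilege changes on any object
# Constructed sample logs (not from a real system).
BASELINE = '''\
2024-05-01 09:00:01.120 UTC app_rw@shop LOG:  AUDIT: SESSION,1,1,READ,SELECT,TABLE,public.customers,"select name, email from customers where id = 7",<not logged>
2024-05-01 09:00:02.450 UTC app_rw@shop LOG:  AUDIT: SESSION,2,1,WRITE,INSERT,TABLE,public.orders,"insert into orders (customer_id, total) values (7, 19.99)",<not logged>
'''
TODAY = '''\
2024-05-02 01:59:58.010 UTC app_rw@shop LOG:  AUDIT: SESSION,1,1,READ,SELECT,TABLE,public.customers,"select name, email from customers where id = 9",<not logged>
2024-05-02 02:14:33.900 UTC report_ro@shop LOG:  AUDIT: SESSION,1,1,READ,SELECT,TABLE,public.customers,"select * from customers",<not logged>
2024-05-02 02:15:01.200 UTC report_ro@shop LOG:  AUDIT: SESSION,2,1,READ,SELECT,TABLE,public.orders,"select count(*) from orders",<not logged>
2024-05-02 02:20:45.000 UTC dba_tmp@shop LOG:  AUDIT: SESSION,1,1,DDL,DROP TABLE,TABLE,public.orders_backup,"drop table orders_backup",<not logged>
2024-05-02 02:21:00.000 UTC dba_tmp@shop LOG:  connection authorized: user=dba_tmp database=shop
'''

def parse(log_text):
    """Return one dict per pgaudit entry; non-audit lines are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        row = next(csv.reader([m.group(4)]))  # statements may contain quoted commas
        if len(row) == len(FIELDS):
            events.append(dict(zip(FIELDS, row), ts=m.group(1), user=m.group(2), db=m.group(3)))
    return events

def find_anomalies(baseline, new):
    """Alert on watched (user, class, object) combinations absent from the baseline."""
    seen = {(e["user"], e["class"], e["object_name"]) for e in baseline}
    alerts = []
    for e in new:
        watched = e["class"] in ALWAYS_ALERT or e["class"] in POLICY.get(e["object_name"], set())
        key = (e["user"], e["class"], e["object_name"])
        if watched and key not in seen:
            seen.add(key)
            alerts.append(key)
    return alerts

if __name__ == "__main__":
    print(find_anomalies(parse(BASELINE), parse(TODAY)))
```

Reads of `public.orders` produce no alert because the policy only watches writes there, which is how per-action filtering keeps alert volume down.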
Why this compounds
Database audit log discipline compounds across years. Each anomaly caught improves the team’s detection, the team’s database security posture strengthens, and new databases inherit the audit pattern.
- Better security. Audit logs catch insider threats; the unusual access surfaces in alerting.
- Better compliance. Auditors see real logs; supports SOC 2, HIPAA, PCI certifications.
- Better incident response. Forensic data for breach analysis; supports security investigation with evidence.
- Institutional knowledge. Each anomaly teaches access patterns; the team’s database security muscle grows.
Database audit log discipline is an operational discipline that pays off across years. Nova AI Ops integrates with database telemetry, surfaces patterns, and supports the team’s database security discipline.