PostgreSQL Logs
Overview
Evidence: PostgreSQL Logs
Description: Collect PostgreSQL Logs
Category: Applications
Platform: aix
Short Name: pgrl
Is Parsed: No
Sent to Investigation Hub: Yes
Collect File(s): Yes
Background
PostgreSQL database logs on macOS record database operations, queries, connections, authentication, and errors. Multiple PostgreSQL versions can coexist, and installation methods include system packages and Homebrew for different architectures.
Data Collected
This collector gathers structured data about PostgreSQL logs.
Collection Method
This collector gathers PostgreSQL logs from system and Homebrew installations, supporting multiple PostgreSQL versions (postgresql, postgresql@14, etc.) across Intel and Apple Silicon architectures.
Forensic Value
PostgreSQL logs are essential for investigating database attacks, SQL injection, unauthorized access, data exfiltration, and privilege escalation. They provide detailed query logs, connection information, and authentication history.
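Because the collected files are not parsed, the authentication history has to be extracted during analysis. The following is an added example, not part of this collector or its documentation: it ties failed logins to their source host through the backend PID and flags a successful login that follows repeated failures. It assumes the default `log_line_prefix` (`%m [%p] `) and `log_connections = on`; the function name, threshold, and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in PostgreSQL's stderr log format. Assumes the
# default log_line_prefix ('%m [%p] ') and log_connections = on.
SAMPLE_LOG = """\
2024-05-01 12:00:00.101 UTC [4101] LOG:  connection received: host=203.0.113.7 port=50112
2024-05-01 12:00:00.140 UTC [4101] FATAL:  password authentication failed for user "postgres"
2024-05-01 12:00:01.020 UTC [4102] LOG:  connection received: host=203.0.113.7 port=50114
2024-05-01 12:00:01.061 UTC [4102] FATAL:  password authentication failed for user "admin"
2024-05-01 12:00:02.300 UTC [4103] LOG:  connection received: host=203.0.113.7 port=50120
2024-05-01 12:00:02.344 UTC [4103] FATAL:  password authentication failed for user "postgres"
2024-05-01 12:00:05.000 UTC [4110] LOG:  connection received: host=192.0.2.10 port=41000
2024-05-01 12:00:05.020 UTC [4110] LOG:  connection authorized: user=app database=appdb
2024-05-01 12:00:09.700 UTC [4120] LOG:  connection received: host=203.0.113.7 port=50133
2024-05-01 12:00:09.731 UTC [4120] LOG:  connection authorized: user=postgres database=postgres
"""

LINE = re.compile(r"^(?P<ts>\S+ \S+ \S+) \[(?P<pid>\d+)\] (?P<sev>[A-Z]+):\s+(?P<msg>.*)$")
# Patterns are matched at the start of the message only, so text embedded in a
# logged statement cannot pose as a connection or authentication event.
RECEIVED = re.compile(r"connection received: host=(\S+)")
FAILED = re.compile(r'password authentication failed for user "([^"]*)"')
AUTHORIZED = re.compile(r"connection authorized: user=(\S+)")

def triage_auth(log_text, threshold=3):
    """Per source host: failed users, and logins that follow >= threshold failures."""
    host_by_pid = {}  # backend PID -> client host, from 'connection received'
    report = defaultdict(lambda: {"failed": [], "success_after_failures": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # continuation lines (multi-line statements, DETAIL text)
        pid, sev, msg = m["pid"], m["sev"], m["msg"]
        if sev == "LOG" and (r := RECEIVED.match(msg)):
            host_by_pid[pid] = r.group(1)  # PIDs are reused; the latest line wins
        elif sev == "FATAL" and (f := FAILED.match(msg)):
            report[host_by_pid.get(pid, "unknown")]["failed"].append(f.group(1))
        elif sev == "LOG" and (a := AUTHORIZED.match(msg)):
            entry = report[host_by_pid.get(pid, "unknown")]
            if len(entry["failed"]) >= threshold:
                entry["success_after_failures"].append((m["ts"], a.group(1)))
    return dict(report)

if __name__ == "__main__":
    for host, entry in triage_auth(SAMPLE_LOG).items():
        print(host, entry)
```

If the installation uses a custom `log_line_prefix` or CSV/JSON logging, the `LINE` pattern must be adapted before the results can be trusted.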