Reading Audit Log Filter files

Audit Log Filter exposes a SQL API to read audit files in JSON or JSONL only. Layout and the JSONL option appear in Audit Log Filter format - JSON and JSONL and Audit Log Filter file format overview.

Set audit_log_filter.format to match. audit_log_filter.file defines the path, base name, and suffix that readers use to locate files.

When a file no longer matches the pattern, readers ignore the file.

Functions used for reading the files

The following functions read JSON or JSONL audit files:

• audit_log_read — returns audit events from the log.

• audit_log_read_bookmark — returns a bookmark for the last read position. Pass the bookmark into audit_log_read() to resume.

Start a read with a bookmark or an explicit start position:

SELECT audit_log_read(audit_log_read_bookmark());

Continue from the current cursor:

SELECT audit_log_read();

The read sequence ends when the session ends or when you call audit_log_read() with a different argument.

Additional reading

• Audit Log Filter format - JSON and JSONL

• Audit Log Filter file format overview

• Audit log filter functions, options, and variables

• Manage the Audit Log Filter files

• Audit Log Filter overview