Reading Audit Log Filter files

Audit Log Filter exposes a SQL API to read audit files in JSON or JSONL only. Layout and the JSONL option are covered in Audit Log Filter format - JSON and JSONL and Audit Log Filter file format overview. Set audit_log_filter.format accordingly; audit_log_filter.file defines the path, base name, and suffix used to locate files.

If a file no longer matches that pattern, readers ignore it.

Functions used for reading the files

These functions read JSON or JSONL audit files:

• audit_log_read — returns audit events from the log.

• audit_log_read_bookmark — returns a bookmark for the last read position; pass it into audit_log_read() to resume.

Start a read with a bookmark or an explicit start position:

SELECT audit_log_read(audit_log_read_bookmark());

Continue from the current cursor:

SELECT audit_log_read();

The read sequence ends when the session ends or when you call audit_log_read() with a different argument.

Additional reading

• Audit Log Filter format - JSON and JSONL
• Audit Log Filter file format overview
• Audit log filter functions, options, and variables
• Manage the Audit Log Filter files
• Audit Log Filter overview