Features

Everything you need for database access monitoring and audit compliance.

Supported Databases

PostgreSQL

Log-statement based audit. Captures all executed queries with timestamp, user, and database.

MySQL

General log driver. Pulls all statements from the general_log table with full context.

SQL Server

Extended Events (XEvents) driver. Works with SQL Server 2016+ and Azure SQL.

Oracle

Unified Audit Trail driver. Requires Oracle 12c+. Captures actions, objects, and SQL text.

Core Capabilities

🔍 Collectors & Groups

Organize database connections into collectors and groups. Each collector runs independently with its own pulling interval and configuration. Groups let you scope policies to specific sets of databases.

🛡 Audit Policies

Define what to capture: DDL, DML, SELECT, LOGIN, or any event type. Filter by resource names, use predicates with operators (equals, contains, regex, greater-than), and classify violations by severity.

🔧 Event Processors

Transform audit events before policy matching. Rename fields, mask sensitive data, normalize usernames, or run custom JavaScript. Processors run in sorted order across the pipeline.

🚫 Exclusion Filters

Drop irrelevant events early in the pipeline for performance. Filter by resource, source IP, database name, username, or query length.

⚡ Automated Actions

When a violation occurs, trigger automated responses: webhook calls (HTTP/HTTPS), syslog messages (UDP/TCP), or local scripts. Template fields and lookup table integration for dynamic payloads.

💻 JavaScript Scripting

Write custom JavaScript snippets for policies, event processors, and exclusion filters. Full access to the event object with sandboxed execution and configurable resource limits.

Monitoring & Analytics

📊 Discover

Search and browse all audit events with filtering by time, database, user, source, event type, and full-text query search.

🚨 Violations

View all policy violations with severity, timestamp, linked events, and the policy that triggered them.

📈 Analytics & Trends

Charts for event volume, violation trends, top databases, top users, and activity patterns over time.

Operations & Administration

❤ System Health

System alarms, server events, storage health, runtime counters, and action execution logs.

📡 REST APIs

Query events, violations, counters, and alarms via API. Push events from external sources. Full configuration management API.

🛠 CLI Administration

Install, create/delete services, reset admin, enable APIs, import/export configuration - all from the command line.

Deployment

📦 Self-Contained

Single executable. No runtime installation required. Download, extract, run. Works on fresh Windows and Linux systems.

🔒 Self-Hosted

Runs on your infrastructure. No data leaves your network. Self-managed storage, with no external database required.

⚙ Service Mode

Run as a systemd service on Linux or a Windows Service. Auto-start on boot with automatic restart on failure.