We use Postgres. After setting log_statement=all, it'll only log queries from psql, not from the application accessing it via JDBC.
I find this a bit counter-intuitive. Isn't ~95% of data access in an application done via JDBC (or something similar in other languages)?
In articles about HIPAA implementation, it's recommemded to set log_statement=all. What purpose will this serve if majority of data access wouldn't be logged at all?
What queries should we log (or should we log them at all?) Should we use something like log4jdbc? Or is log_statement=all enough?