Risk Level: Low
Description:
For PostgreSQL servers, this plugin guarantees that connection duration logs are enabled. Connection duration logs keep track of how long connections take to connect to the server and can be used to track down suspiciously long connections. Only users with administrative privileges can change this setting within Azure PostgreSQL server configuration.
Recommended Action: Ensure the server parameters for each PostgreSQL server have the log_duration setting enabled.
About the Service :
The PostgreSQL Community Edition database engine powers Azure Database for PostgreSQL, a relational database service in the Microsoft cloud. Azure Database for PostgreSQL includes built-in quality, data protection, and automated maintenance for the underlying hardware, operating system, and database engine, among other features.
Impact:
If you disable the "log duration" parameter, your PostgreSQL servers won't be able to log the duration of each finished SQL statement, which means they won't be able to generate query and error logs if any problems arise. Your Azure PostgreSQL database servers' query and error logs can be used to identify, troubleshoot, and rectify configuration issues and sub-optimal performance.
Steps to reproduce :
- Sign in to Azure Management Console.
- Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
- From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
- Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
- In the navigation panel, select Server Parameters.
- In the search bar, search for log_duration.
- Check if the value of this parameter is set to ON or OFF.
- If it is set to OFF, then the "log_duration" server parameter is not enabled for the selected Azure PostgreSQL database server.
- Repeat steps no. 3 – 8 for each PostgreSQL database server provisioned in the current Azure subscription as well as in other subscriptions in your Microsoft Azure cloud account.
Steps for Remediation :
- Sign in to Azure Management Console.
- Navigate to the Azure All Resources portal at: https://portal.azure.com/#blade/HubsExtension/BrowseAll
- From the Type filter available at the filter bar, select the resource type as only Azure Database for PostgreSQL server.
- Select the name of the PostgreSQL database server that you want to examine from all the listed servers.
- In the navigation panel, select Server Parameters.
- In the search bar, search for log_duration.
- Toggle the value of this parameter to ON.
- Click Save to save the changes.
- Repeat steps no. 3 - 8 to reconfigure other PostgreSQL database servers provisioned in all your Azure subscriptions.
References:
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-monitoring
- https://docs.microsoft.com/en-us/azure/postgresql/concepts-server-logs
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support