iCompaas Support

Profile Applicability:

• Level 1
  

Description:
 The log_connections parameter in PostgreSQL controls whether a log entry is made each time a new connection is established to the database. Enabling this setting helps administrators track connection attempts, providing visibility into who is connecting to the database.

Rationale:
 Logging connections can help identify unusual access patterns or unauthorized access attempts, which is valuable for security auditing and forensic investigation. Enabling log_connections is essential for monitoring access to sensitive databases.

Impact:

• Pros:
  

  • Provides visibility into who is accessing the database and when.
    

  • Useful for detecting unauthorized access and performing audits.
    

  • Assists in identifying issues related to connection handling or resource usage.
    

• Cons:
  

  • Increased log size, which may require additional storage or management.
    

  • May generate a large volume of logs on high-traffic servers, potentially impacting performance if not managed properly.
    

Default Value:

• By default, log_connections is set to OFF.
  

Pre-requisites:

• Ensure that PostgreSQL is configured to store and manage logs effectively to prevent performance issues.
  

Remediation

Test Plan:

Using Azure Portal:

1. Log in to Azure Portal: https://portal.azure.com.
   

2. Navigate to Azure Database for PostgreSQL Servers.
   

3. Select the relevant server.
   

4. Under Settings, click on Server parameters.
   

5. Ensure that the log_connections parameter is set to ON.
   

Using Azure CLI:
1. Run the following command to check the log_connections parameter:

az postgres server show --resource-group <resource-group-name> --name <server-name> --query "properties.parameters.log_connections"

• The output should indicate ON.
  

Implementation Plan:

Using Azure Portal:

1. Navigate to Azure Database for PostgreSQL Servers.
   

2. Select the server and go to Server parameters.
   

3. Set the log_connections parameter to ON and click Save.
   

Using Azure CLI:
1.  To enable log_connections, run the following command:

az postgres server configuration set --resource-group <resource-group-name> --server-name <server-name> --name log_connections --value ON

Backout Plan:

Using Azure Portal:

1. Go to Azure Database for PostgreSQL Servers.
   

2. Select the server and navigate to Server parameters.
   

3. Set log_connections back to OFF if necessary.
   

Using Azure CLI:
1.  To disable log_connections, run the following command:

az postgres server configuration set --resource-group <resource-group-name> --server-name <server-name> --name log_connections --value OFF

References:

• Azure PostgreSQL Server Configuration
  

• PostgreSQL Server Configuration for Logging