v1.0 for Steampipe, Powerpipe, Flowpipe, 116 plugins, and 44 mods →
Powerpipe Hub 
Hub
Mods
turbot/azure_compliance
Overview
13Dashboards
1311Controls
430Queries
2Variables
GitHub

Control: 4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server

Description

Enable log_retention_days on PostgreSQL Servers.

Enabling log_retention_days helps PostgreSQL Database to Sets number of days a log file is retained which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Remediation

From Azure Console

  1. From Azure Home select the Portal Menu
  2. Go to Azure Database for PostgreSQL server
  3. For each database, click on Server parameters
  4. Search for log_retention_days.
  5. Enter value in range 4-7 (inclusive) and save.

From Azure CLI

Use the below command to update log_retention_days configuration.

az postgres server configuration set --resource-group <resourceGroupName> --server-name <serverName> --name log_retention_days --value <4-7>

Default Value

By default log_retention_days is disabled.

Usage

Run the control in your terminal:

powerpipe control run azure_compliance.control.cis_v150_4_3_6

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run azure_compliance.control.cis_v150_4_3_6 --share

SQL

This control uses a named query:

postgres_db_server_log_retention_days_3

Tags

category = Compliance
cis = true
cis_item_id = 4.3.6
cis_level = 1
cis_section_id = 4.3
cis_type = automated
cis_version = v1.5.0
plugin = azure
service = Azure/PostgreSQL