Control: 4.3.3 Ensure server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
Description
Enable log_connections on PostgreSQL Servers.
Enabling log_connections helps PostgreSQL Database to log attempted connection to the server, as well as successful completion of client authentication. Log data can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.
Remediation
From Azure Portal
- Login to Azure Portal using https://portal.azure.com.
- Go to
Azure Database for PostgreSQL servers. - For each database, click on
Server parameters. - Search for
log_connections. - Click
ONand save.
From Azure CLI
Use the below command to update log_connections configuration.
az postgres server configuration set --resource-group <resourceGroupName> --server-name <serverName> --name log_connections --value on
From PowerShell
Use the below command to update log_connections configuration.
Update-AzPostgreSqlConfiguration -ResourceGroupName <ResourceGroupName> - ServerName <ServerName> -Name log_connections -Value on
Default Value
By default log_connections is enabled (set to on).
Usage
Run the control in your terminal:
powerpipe control run azure_compliance.control.cis_v210_4_3_3Snapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run azure_compliance.control.cis_v210_4_3_3 --shareSQL
This control uses a named query:
select s.id as resource, case when lower(config -> 'ConfigurationProperties' ->> 'value') != 'on' then 'alarm' else 'ok' end as status, case when lower(config -> 'ConfigurationProperties' ->> 'value') != 'on' then s.name || ' server parameter log_connections off.' else s.name || ' server parameter log_connections on.' end as reason , s.resource_group as resource_group , sub.display_name as subscriptionfrom azure_postgresql_server s cross join lateral jsonb_array_elements(server_configurations) config left join azure_subscription as sub on sub.subscription_id = s.subscription_idwhere config ->> 'Name' = 'log_connections';