PostgreSQL database instance ‘log_connections’ database flag should be set to ‘on’

Description

The PostgreSQL database instance flag ‘log_connections’ causes successful and unsuccessful connections to be logged. This data can be used to identify, troubleshoot, and repair configuration errors and denial of service attacks.

Remediation Steps

Google Cloud Console

• Navigate to Cloud SQL instances.

• Click on the Cloud SQL PostgreSQL database instance name to go to the Overview page.

• Click EDIT and scroll down to the Flags section.

• Select ADD FLAG, choose the log_connections flag, and set the value to on.

• Click DONE.

gcloud CLI

• Set the log_connections database flag to on for each Cloud SQL PostgreSQL database instance:

  • gcloud sql instances patch INSTANCE_NAME --database-flags log_connections=on

Documentation Links

Runtime

• PostgreSQL error reporting and logging

• Cloud SQL configuring database flags

• CLI: gcloud sql instances patch