PostgreSQL database instance ‘log_min_duration_statement’ database flag should be set to ‘-1’ (disabled)

Description

The PostgreSQL database instance flag ‘log_min_duration_statement’ defines the minimum amount of execution time of a SQL statement in milliseconds where the total duration of the statement is logged. Ensure this flag is disabled by setting it to -1. This means there will be no logging of SQL statements because some may include sensitive information that should be not be recorded in logs.

Remediation Steps

Google Cloud Console

  • Navigate to Cloud SQL instances.

  • Click on the Cloud SQL PostgreSQL database instance name to go to the Overview page.

  • Click EDIT and scroll down to the Flags section.

  • Select ADD FLAG, choose the log_min_duration_statement flag, and set it -1.

  • Click DONE.

gcloud CLI

  • Set the log_min_duration_statement database flag to -1 for each Cloud SQL PostgreSQL database instance:

    • gcloud sql instances patch INSTANCE_NAME --database-flags log_min_duration_statement=-1