PostgreSQL database instance ‘log_min_duration_statement’ database flag should be set to ‘-1’ (disabled)¶
Description¶
The PostgreSQL database instance flag ‘log_min_duration_statement’ defines the minimum amount of execution time of a SQL statement in milliseconds where the total duration of the statement is logged. Ensure this flag is disabled by setting it to -1. This means there will be no logging of SQL statements because some may include sensitive information that should be not be recorded in logs.
Remediation Steps¶
Google Cloud Console¶
Navigate to Cloud SQL instances.
Click on the Cloud SQL PostgreSQL database instance name to go to the Overview page.
Click EDIT and scroll down to the Flags section.
Select ADD FLAG, choose the log_min_duration_statement flag, and set it -1.
Click DONE.
gcloud CLI¶
Set the
log_min_duration_statement
database flag to-1
for each Cloud SQL PostgreSQL database instance:gcloud sql instances patch INSTANCE_NAME --database-flags log_min_duration_statement=-1