lacework-global-548
4.3.6 Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server (Automated)
Profile Applicability
• Level 1
Description
Enable log_retention_days on PostgreSQL Servers.
Rationale
Enabling log_retention_days helps PostgreSQL Database to Sets number of days a log file is retained which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.
Impact
Enabling this setting will enable logs to be retained for the number entered. If this is enabled for a high traffic server, the log may grow quickly to occupy a large amount of disk space. In this case you may want to set this to a lower number.
Audit
From Azure Portal
- From Azure Home select the Portal Menu
- Go to
Azure DatabaseforPostgreSQL server - For each database, click on
Server parameters - Search for
log_retention_days. - Ensure that
value greater than 3.
From Azure CLI
Ensure log_retention_days value is greater than 3.
az postgres server configuration show --resource-group <resourceGroupName> --server-name <serverName> --name log_retention_days
Remediation
From Azure Portal
- From Azure Home select the Portal Menu
- Go to
Azure DatabaseforPostgreSQL server - For each database, click on
Server parameters - Search for
log_retention_days. - Enter value in range 4-7 (inclusive) and save.
From Azure CLI
Use the below command to update log_retention_days configuration.
az postgres server configuration set --resource-group <resourceGroupName> --server-name <serverName> --name log_retention_days --value <4-7>
References
https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal
https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server
https://docs.microsoft.com/en-us/security/benchmark/azure/security-controls-v3-logging-threat-detection#lt-6-configure-log-storage-retention