Ensure Server Parameter 'log_retention_days' is greater than 3 days for PostgreSQL Database Server

Enable log_retention_days on PostgreSQL servers. Rationale: Enabling log_retention_days helps the PostgreSQL database set the number of days a log file is retained, which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.

Risk Level: Low
Cloud Entity: Azure Database for PostgreSQL
CloudGuard Rule ID: D9.AZU.LOG.06
Covered by Spectral: Yes
Category: Database

GSL LOGIC

PostgreSQL should have logsConfiguration contain [ name='log_retention_days'  and value in ('4', '5', '6', '7')]

REMEDIATION

  1. Log in to the Azure Portal at https://portal.azure.com
  2. Go to Azure Database for PostgreSQL server.
  3. For each database, click on Server parameters.
  4. Search for log_retention_days.
  5. Enter a value in the range 4-7 (inclusive) and save.

Azure Command Line Interface 2.0: Use the below command to update log_retention_days configuration.
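The GSL check and the CLI remediation can be reproduced offline against exported server parameters. The following is an added example, not CloudGuard's implementation or code from the original page; the inventory layout, resource group names and server names are constructed, and the generated command assumes the Single Server `az postgres server configuration set` command group.

```python
import json
import shlex

# Constructed sample shaped like `az postgres server configuration list`
# output, keyed by hypothetical "resource-group/server" names.
SAMPLE = json.loads("""{
  "rg-prod/pg-orders":  [{"name": "log_retention_days", "value": "7"},
                         {"name": "log_connections", "value": "on"}],
  "rg-prod/pg-billing": [{"name": "log_retention_days", "value": "3"}],
  "rg-dev/pg-scratch":  [{"name": "log_connections", "value": "on"}],
  "rg-dev/pg-legacy":   [{"name": "log_retention_days", "value": ""}]
}""")

COMPLIANT_VALUES = {"4", "5", "6", "7"}  # same set as the GSL rule


def evaluate(configurations):
    """Return (passed, observed_value) for one server's parameter list."""
    for item in configurations:
        if item.get("name") == "log_retention_days":
            value = str(item.get("value", "")).strip()
            return value in COMPLIANT_VALUES, value
    return False, None  # parameter absent, so the rule's 'contain' fails


def remediation_command(server_key, days=7):
    """Build the az CLI call that sets a compliant value (4-7)."""
    if str(days) not in COMPLIANT_VALUES:
        raise ValueError("days must be between 4 and 7 inclusive")
    resource_group, server = server_key.split("/", 1)
    args = ["az", "postgres", "server", "configuration", "set",
            "--resource-group", resource_group, "--server-name", server,
            "--name", "log_retention_days", "--value", str(days)]
    return " ".join(shlex.quote(a) for a in args)


def audit(inventory):
    """Map each failing server to (observed_value, remediation command)."""
    findings = {}
    for key, configurations in inventory.items():
        passed, value = evaluate(configurations)
        if not passed:
            findings[key] = (value, remediation_command(key))
    return findings


if __name__ == "__main__":
    for key, (value, command) in audit(SAMPLE).items():
        print(f"FAIL {key} log_retention_days={value!r}\n  fix: {command}")
```

A server whose parameter is missing or empty fails the same way as one set to 3, which matches the rule's requirement that a compliant value be present.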

Azure Database for PostgreSQL

Azure Database for PostgreSQL is a relational database service based on the open-source Postgres database engine. It's a fully managed database-as-a-service offering that can handle mission-critical workloads with predictable performance, security, high availability, and dynamic scalability. It's available in two deployment options, Single Server and Hyperscale (Citus) (preview). The Hyperscale (Citus) option horizontally scales queries across multiple machines using sharding, and serves applications that require greater scale and performance.

Compliance Frameworks

  • Azure CIS Foundations v. 1.1.0
  • Azure CIS Foundations v. 1.2.0
  • Azure CIS Foundations v. 1.3.0
  • Azure CIS Foundations v. 1.3.1
  • Azure CIS Foundations v. 1.4.0
  • Azure CIS Foundations v. 1.5.0
  • Azure CIS Foundations v. 2.0
  • Azure CloudGuard Best Practices
  • Azure ITSG-33
  • Azure NIST 800-53 Rev 5
  • CloudGuard Azure All Rules Ruleset