Skip to main content

Description

Enable log_disconnections on PostgreSQL Servers.

NOTE: This recommendation currently only applies to Single Server, not Flexible Server. See additional information below for details about the planned retirement of Azure PostgreSQL Single Server.

Rationale​

Enabling log_disconnections helps PostgreSQL log the end of a session, including duration, which in turn generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and suboptimal performance.

Impact​

Enabling this setting logs all disconnections. If this is enabled for a high-traffic server, the log may grow quickly.

Audit​

From Azure Portal​

  1. From Azure Home, select the Portal Menu.
  2. Go to Azure Database for PostgreSQL servers.
  3. For each database, under Settings, click Server parameters.
  4. Search for log_disconnections.
  5. Ensure that log_disconnections is set to ON.

From Azure CLI​

Ensure log_disconnections is set to ON:

az postgres server configuration show \
    --resource-group {{resource-group-name}} \
    --server-name {{server-name}} \
    --name log_disconnections

From PowerShell​

Ensure log_disconnections is set to ON:

Get-AzPostgreSqlConfiguration `
    -ResourceGroupName {{resource-group-name}} `
    -ServerName {{server-name}} `
    -Name log_disconnections

From Azure Policy​

If referencing a digital copy of this Benchmark, clicking a Policy ID will open a link to the associated Policy definition in Azure.

Default Value​

By default, log_disconnections is disabled (set to off).

References​

  1. https://docs.microsoft.com/en-us/rest/api/postgresql/singleserver/configurations/list-by-server
  2. https://docs.microsoft.com/en-us/azure/postgresql/howto-configure-server-parameters-using-portal
  3. https://learn.microsoft.com/en-us/security/benchmark/azure/mcsb-logging-threat-detection#lt-3-enable-logging-for-security-investigation
  4. https://learn.microsoft.com/en-us/powershell/module/az.postgresql/get-azpostgresqlconfiguration?view=azps-9.2.0#example-2-get-specified-postgresql-configuration-by-name
  5. https://learn.microsoft.com/en-us/powershell/module/az.postgresql/update-azpostgresqlconfiguration?view=azps-9.2.0#example-1-update-postgresql-configuration-by-name

Additional Information​

RETIREMENT of Azure PostgreSQL Single Server: Azure PostgreSQL Single Server is slated for retirement by March 25, 2025. Please use these resources to consider and prepare for migration: