Verify that server parameter 'log_connections' is set to 'ON' for PostgreSQL Database Server
Why this matters
The log_connections
parameter controls whether PostgreSQL logs each incoming connection attempt, including successful authentications. Enabling this setting ensures that both legitimate access and potential unauthorized attempts are recorded in your query and error logs.
Without connection logging enabled, it becomes significantly harder to identify brute-force login attempts, misconfigurations, or usage anomalies that may impact system security and performance. This setting is a foundational part of any audit-ready logging configuration.
What this check does
This Auto Check verifies whether the PostgreSQL server parameter log_connections
is enabled.
Check Logic:
Passes if:
log_connections
is explicitly set to on
.
Fails if:
log_connections
is unset, null, or set to off
.
Applies to:
- Azure PostgreSQL Single Server
- Azure PostgreSQL Flexible Server
- The check inspects the parameter via Azureβs configuration API and expects an exact value of
on
.
How to fix it
You can enable the log_connections
parameter using the Azure Portal, CLI, or PowerShell.
Azure Portal:
- Navigate to Azure Database for PostgreSQL servers.
- Select the server instance and go to Server parameters.
- Locate the
log_connections
parameter. - Set it to ON.
- Save the changes.
Azure CLI:
az postgres server configuration set \
--resource-group <resourceGroupName> \
--server-name <serverName> \
--name log_connections \
--value on
PowerShell:
Update-AzPostgreSqlConfiguration `
-ResourceGroupName "<ResourceGroupName>" `
-ServerName "<ServerName>" `
-Name "log_connections" `
-Value "on"
Substitute the placeholder values with those specific to your Azure deployment.
Exceptions
There are no recommended exceptions for this setting. Even in high-traffic environments, connection logging should remain enabled. If disabled, justification must be documented and approved by security stakeholders, along with compensating controls for connection-level visibility.