Verify that server parameter 'log_disconnections' is set to 'ON' for PostgreSQL Database Server
Why this matters
When a session ends in PostgreSQL, the details—including session duration and reason for termination—can provide critical context for security investigations and performance analysis. Enabling log_disconnections
ensures these events are captured in the system logs.
Without this setting, terminated sessions (whether intentional or abnormal) may go unnoticed. This impairs your ability to detect unexpected behavior, such as brute-force login attempts or system errors causing dropped connections.
What this check does
This Auto Check verifies whether the PostgreSQL server parameter log_disconnections
is enabled.
Check Logic:
Passes if:
log_disconnections
is explicitly set to on
.
Fails if:
log_disconnections
is unset, null, or set to off
.
Applies to:
- Azure PostgreSQL Single Server
- Azure PostgreSQL Flexible Server
- The check reads the parameter value through Azure’s configuration API.
How to fix it
Set the log_disconnections
parameter using Azure Portal, CLI, or PowerShell.
Azure Portal:
- Go to Azure Database for PostgreSQL servers.
- Open your server and navigate to Server parameters.
- Find
log_disconnections
. - Set the value to ON.
- Save the configuration.
Azure CLI:
az postgres server configuration set \
--resource-group <resourceGroupName> \
--server-name <serverName> \
--name log_disconnections \
--value on
PowerShell:
Update-AzPostgreSqlConfiguration `
-ResourceGroupName "<ResourceGroupName>" `
-ServerName "<ServerName>" `
-Name "log_disconnections" `
-Value "on"
Be sure to replace placeholder values with those used in your environment.
Exceptions
This check should not be disabled in production environments. For high-volume systems, enabling this setting may increase log volume. If disabling is necessary for performance reasons, document this decision along with compensating monitoring controls.