More Info:
Ensure that “log_connections” server parameter is enabled for all PostgreSQL database servers available in your Microsoft Azure cloud account. The “log_connections” parameter allows each attempted connection to the database server to be logged, including successful client authentication requests. Only Azure users with administrative privileges can change this parameter at session start, and it cannot be changed during an access session.
Risk Level
Medium
Address
Security
Compliance Standards
CISAZURE, CBP, HITRUST, SOC2, NISTCSF, PCIDSS
Triage and Remediation
Remediation
Using Console
To enable the “LOG_CONNECTIONS” parameter for PostgreSQL servers in Azure, follow the steps below:
- Log in to the Azure portal (https://portal.azure.com/)
- Navigate to the PostgreSQL server for which you want to enable the parameter.
- In the left-hand menu, click on “Settings”.
- Under the “Settings” tab, click on the “Configuration” option.
- Under the “Parameters” tab, search for the “logging_collector” parameter.
- Set the value of “logging_collector” parameter to “on”.
- Search for the “log_connections” parameter.
- Set the value of “log_connections” parameter to “on”.
- Click on the “Save” button to save the changes.
Using CLI
To enable the “LOG_CONNECTIONS” parameter for PostgreSQL servers in Azure using Azure CLI, follow these steps:
- Open the Azure CLI in your terminal or command prompt.
- Log in to your Azure account using the command:
- Once logged in, select the Azure subscription where your PostgreSQL server is located using the command:
- Next, retrieve the resource ID of your PostgreSQL server using the command:
  Replace <resource-group-name> with the name of the resource group where your PostgreSQL server is located, and <server-name> with the name of your PostgreSQL server.
- Once you have the resource ID, use the following command to enable the “LOG_CONNECTIONS” parameter:
  Replace <resource-group-name> with the name of the resource group where your PostgreSQL server is located, and <server-name> with the name of your PostgreSQL server.
- After executing the command, the “LOG_CONNECTIONS” parameter will be enabled for your PostgreSQL server. You can verify this by checking the server configuration using the command:
  Replace <resource-group-name> with the name of the resource group where your PostgreSQL server is located, and <server-name> with the name of your PostgreSQL server.
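The enable-and-verify steps above as one script, added here as an example and not taken from the original page. It assumes an Azure Database for PostgreSQL single server (the `az postgres server configuration` command group) and a session already authenticated with `az login` and `az account set`; the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: enable and verify log_connections with the Azure CLI.
# Assumes a single-server deployment and an authenticated `az` session.
# Function names are hypothetical, not part of any Azure tooling.

# Print the current value of one server parameter (e.g. "on" or "off").
get_param() {
  az postgres server configuration show \
    --resource-group "$1" --server-name "$2" --name "$3" \
    --query value --output tsv
}

# Set one parameter to "on" only if it is not already on, then re-read it
# from the service so the result reflects the server, not our request.
ensure_on() {
  local rg=$1 server=$2 param=$3 current
  current=$(get_param "$rg" "$server" "$param") || return 2
  if [ "$current" != "on" ]; then
    az postgres server configuration set \
      --resource-group "$rg" --server-name "$server" \
      --name "$param" --value on --output none || return 2
    current=$(get_param "$rg" "$server" "$param") || return 2
  fi
  [ "$current" = "on" ]
}

# Apply the two settings named in the console steps; returns non-zero
# if either one cannot be confirmed as "on".
remediate_server() {
  local rg=$1 server=$2 rc=0 param
  for param in logging_collector log_connections; do
    if ensure_on "$rg" "$server" "$param"; then
      echo "$server: $param=on"
    else
      echo "$server: $param could not be confirmed as on" >&2
      rc=1
    fi
  done
  return "$rc"
}

# Run only when invoked as: ./script <resource-group-name> <server-name>
if [ "$#" -eq 2 ]; then
  remediate_server "$1" "$2"
fi
```

A non-zero exit status means at least one parameter was not confirmed, which makes the script usable as a gate in a scheduled compliance job.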
Using Python
To remediate the misconfiguration “Enable ‘LOG_CONNECTIONS’ Parameter for PostgreSQL Servers” in Azure using Python, you can follow these steps:
- First, you need to authenticate and create a PostgreSQL server object using the Azure Python SDK. You can use the following code snippet to achieve this:
- Once you have the server object, you can update the server parameters to enable the “log_connections” parameter. You can use the following code snippet to achieve this:
- Finally, you can verify that the parameter has been updated by checking the server parameters. You can use the following code snippet to achieve this:
This code will print “on” if the “log_connections” parameter has been successfully enabled.