Ensure that "log_duration" server parameter is enabled for all PostgreSQL database servers created in your Microsoft Azure cloud account. Once enabled, the "log_duration" parameter allows recording the duration of each completed PostgreSQL statement. Only users with administrative privileges can change this setting within Azure PostgreSQL server configuration. For database clients using extended query protocol, the duration of the "Parse", "Bind", and "Execute" steps is logged independently.
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
Once "log_duration" parameter is enabled, your PostgreSQL servers can log the duration of each completed SQL statement, which in turn generates query and error logs if any issues are detected. Database query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance for your Azure PostgreSQL database servers.
Audit
To determine if "log_duration" parameter is enabled for your Azure PostgreSQL servers, perform the following actions:
Remediation / Resolution
To enable "log_duration" server parameter for all PostgreSQL database servers available within your Microsoft Azure cloud account, perform the following actions:
References
- Azure Official Documentation
- Monitor and tune Azure Database for PostgreSQL - Single Server
- Server logs in Azure Database for PostgreSQL - Single Server
- CIS Microsoft Azure Foundations
- Azure Command Line Interface (CLI) Documentation
- az postgres server
- az postgres server list
- az postgres server configuration show
- az postgres server configuration set