Ensure that all your Microsoft Azure PostgreSQL servers have a sufficient log retention period, i.e. greater than 3 days, configured for reliability and compliance purposes. The retention period, represented by the "log_retention_days" parameter, is the number of days to retain log data for the databases hosted on Azure PostgreSQL servers. The compliant value for the retention period is 4 to 7 days (inclusive).
This rule resolution is part of the Conformity Security & Compliance tool for Azure.
A retention period of 4 days or more should allow you to collect the logging data required to identify and mitigate PostgreSQL security and performance issues. The logging data can contain query logs, which are useful for checking for sub-optimal performance, and error logs, which are used to identify anomalies and potential security breaches, misuse of information and unauthorized access to PostgreSQL databases.
Audit
To determine if the log retention period ("log_retention_days" parameter) configured for your PostgreSQL database servers is greater than 3 days, perform the following actions:
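As an added example (not part of the original page or of the Conformity tool), the check can be scripted with the Azure CLI: list the servers, read each server's "log_retention_days" value, and classify it against the 4 to 7 day range. The function names, the `--live` switch and the sample server names are assumptions made for this example; without `--live` it runs on constructed rows.

```shell
# Added example: audit log_retention_days against the 4-7 day range.
TAB=$(printf '\t')

# Classify one value; empty or non-numeric input is INVALID, never compliant.
classify_retention() {
  case "$1" in
    ''|*[!0-9]*) echo "INVALID"; return 0 ;;
  esac
  if [ "$1" -ge 4 ] && [ "$1" -le 7 ]; then
    echo "COMPLIANT"
  else
    echo "NON_COMPLIANT"
  fi
}

# Read "resource_group<TAB>server<TAB>value" rows on stdin, print a verdict
# per server, and return 1 if any server is outside the compliant range.
audit_rows() {
  ar_failed=0
  while IFS="$TAB" read -r ar_rg ar_name ar_value; do
    [ -n "$ar_name" ] || continue
    ar_status=$(classify_retention "$ar_value")
    printf '%s\t%s\t%s\t%s\n' "$ar_rg" "$ar_name" "${ar_value:-unset}" "$ar_status"
    [ "$ar_status" = "COMPLIANT" ] || ar_failed=1
  done
  return "$ar_failed"
}

# Live collection; needs an authenticated Azure CLI session.
collect_live() {
  az postgres server list --query '[].[resourceGroup, name]' -o tsv |
  while IFS="$TAB" read -r cl_rg cl_name; do
    cl_value=$(az postgres server configuration show \
      --resource-group "$cl_rg" --server-name "$cl_name" \
      --name log_retention_days --query value -o tsv </dev/null)
    printf '%s\t%s\t%s\n' "$cl_rg" "$cl_name" "$cl_value"
  done
}

# Constructed sample rows (hypothetical server names) for an offline run.
sample_rows() {
  printf 'rg-prod\tpg-orders\t7\nrg-prod\tpg-billing\t3\nrg-dev\tpg-sandbox\t\n'
}

if [ "${1:-}" = "--live" ]; then
  collect_live | audit_rows
else
  sample_rows | audit_rows || true
fi
```

A server whose value cannot be read is reported as INVALID and counts as a failure, so a permissions error does not pass the audit silently.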
Remediation / Resolution
To extend the log retention period for your Microsoft Azure PostgreSQL database servers, perform the following actions: