Ensure that "log_min_error_statement" database flag configured for your Google Cloud PostgreSQL database instances has the appropriate level of severity in accordance with your organization's logging policy. The "log_min_error_statement" configuration flag defines the minimum message severity level considered an error statement. The severity levels available are DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. ERROR level is considered the best practice setting. Prior to running this conformity rule, you need to specify the name of the minimum message severity level used by the "log_min_error_statement" flag within your organization, in the rule settings, on your Trend Micro Cloud One™ – Conformity account console.
PostgreSQL database auditing can help in troubleshooting operational issues and permit administrators to perform forensic analysis. If the "log_min_error_statement" configuration flag is not set to the correct value, messages may not be classified as error messages appropriately, therefore the flag value should be set in accordance with your organization`s logging protocols.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
To determine if the "log_min_error_statement" flag set for your Cloud PostgreSQL database instances has the appropriate configuration, perform the following operations:
Remediation / Resolution
To configure the "log_min_error_statement" flag severity level in accordance with your organization`s logging policy, perform the following operations:
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for PostgreSQL
- Configuring database flags
- Editing instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- PostgreSQL Database Documentation
- 19.8. Error Reporting and Logging
Unlock the Remediation Steps
Gain free unlimited access
to our full Knowledge Base
Over 750 rules & best practices
You are auditing:
Configure "log_min_error_statement" Flag for PostgreSQL Database Instances
Risk level: Medium