Ensure that "log_min_error_statement" database flag configured for your Google Cloud PostgreSQL database instances has the appropriate level of severity in accordance with your organization's logging policy. The "log_min_error_statement" configuration flag defines the minimum message severity level considered an error statement. The severity levels available are DEBUG5, DEBUG4, DEBUG3, DEBUG2, DEBUG1, INFO, NOTICE, WARNING, ERROR, LOG, FATAL, and PANIC. ERROR level is considered the best practice setting. Prior to running this conformity rule, you need to specify the name of the minimum message severity level used by the "log_min_error_statement" flag within your organization, in the rule settings, on your Trend Micro Cloud One™ – Conformity account console.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
PostgreSQL database auditing can help in troubleshooting operational issues and permit administrators to perform forensic analysis. If the "log_min_error_statement" configuration flag is not set to the correct value, messages may not be classified as error messages appropriately, therefore the flag value should be set in accordance with your organization`s logging protocols.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
Audit
To determine if the "log_min_error_statement" flag set for your Cloud PostgreSQL database instances has the appropriate configuration, perform the following operations:
Remediation / Resolution
To configure the "log_min_error_statement" flag severity level in accordance with your organization`s logging policy, perform the following operations:
References
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for PostgreSQL documentation
- Configuring database flags
- Edit instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- PostgreSQL Database Documentation
- 19.8. Error Reporting and Logging
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud sql instances list
- gcloud sql instances describe
- gcloud sql instances patch
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Configure "log_min_error_statement" Flag for PostgreSQL Database Instances
Risk Level: Medium