Ensure that the "log_statement_stats" database flag is disabled for your Google Cloud PostgreSQL database instances in order to avoid performance issues caused by excessive logging. The "log_statement_stats" configuration flag controls the inclusion of end to end performance statistics within PostgreSQL logs for each SQL query.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
efficiency
excellence
The "log_statement_stats" database flag enables a crude profiling method for logging end to end performance statistics of an SQL query. Even though enabling this flag be useful for troubleshooting, it may increase the amount of logs significantly and cause performance overhead.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
Audit
To determine if the "log_statement_stats" flag is disabled for your Google Cloud PostgreSQL database instances, perform the following actions:
Remediation / Resolution
To turn off the "log_statement_stats" database flag for your Google Cloud PostgreSQL database instances, perform the following actions:
References
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for PostgreSQL documentation
- Configure database flags
- Edit instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud sql instances list
- gcloud sql instances describe
- gcloud sql instances patch