Ensure that "log_checkpoints" database flag is enabled for your Google Cloud PostgreSQL database instances. The "log_checkpoints" flag allows checkpoints and restart points to be logged and included within the PostgreSQL server log.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
In most cases, checkpoints are disrupting for your Google Cloud PostgreSQL database performance and can cause connections to stall for up to a few seconds while they occur. By enabling the "log_checkpoints" flag you can get verbose logging of the checkpoint process for your PostgreSQL database instances. This logging data can be used to identify and troubleshoot sub-optimal PostgreSQL database performance. By default, "log_checkpoints" flag is disabled.
Note: Some database flag settings can affect instance availability and/or stability, and eventually remove the PostgreSQL instance from the Google Cloud SQL Service Level Agreement (SLA).
Audit
To determine if "log_checkpoints" flag is enabled for your Google Cloud PostgreSQL database instances, perform the following actions:
Remediation / Resolution
To enable the "log_checkpoints" database flag for your Google Cloud Platform (GCP) PostgreSQL database instances, perform the following operations:
References
- Google Cloud Platform (GCP) Documentation
- Cloud SQL for PostgreSQL
- Configuring database flags
- Editing instances
- CIS Security Documentation
- Securing Google Cloud Computing Platform
- PostgreSQL Database Documentation
- 19.8. Error Reporting and Logging
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
Enable "log_checkpoints" Flag for PostgreSQL Database Instances
Risk Level: Medium