controls::log line prefix is set correctly
Overview
The log_line_prefix setting specifies a printf-style string that is prefixed to each log line. If blank, no prefix is used. You should configure this as recommended by the pgBadger development team unless directed otherwise by your organization’s logging policy. % characters begin “escape sequences” that are replaced with status information as outlined below. Unrecognized escapes are ignored. Other characters are copied straight to the log line. Some escapes are only recognized by session processes and will be treated as empty by background processes such as the main server process. Status information may be aligned either left or right by specifying a numeric literal after the % and before the option. A negative value will cause the status information to be padded on the right with spaces to give it a minimum width, whereas a positive value will pad on the left. Padding can be useful to aid human readability in log files. Any of the following escape sequences can be used:
%a = application name
%u = user name
%d = database name
%r = remote host and port %h = remote host
%b = backend type
%p = process ID
%t = timestamp without milliseconds
%m = timestamp with milliseconds
%n = timestamp with milliseconds (as a Unix epoch) %i = command tag
%e = SQL state
%c = session ID
%l = session line number
%s = session start timestamp
%v = virtual transaction ID
%x = transaction ID (0 if none)
%q = stop here in non-session processes
%% = '%'
Excelent Compliance Solution.
Puppet is an excellent solution to ensure your databases are CIS or STIG compliant. Now you’re looking at information about only one compliance control, but managing total compliance isn’t hard either!
If you you like he prospect of easy way into continuous compliancy with minimal fuss and bother, we suggest taking a look at our solution as your go-to option. Plus, our team can help you get up and running so that you can focus on other areas of your business. What are you waiting for? Get started today!
Benchmarks
This control is used in the following benchmarks:
- Postgres Database 13 CIS V1.0.0 - paragraph 3.1.22
- Postgres Database 13 CIS V1.1.0 - paragraph 3.1.24
- Postgres Database 14 CIS V1.0.0 - paragraph 3.1.24
- Postgres Database 14 CIS V1.1.0 - paragraph 3.1.24
- Postgres Database 15 CIS V1.0.0 - paragraph 3.1.24
- Postgres Database 15 CIS V1.1.0 - paragraph 3.1.24
- Postgres Database 16 CIS V1.0.0 - paragraph 3.1.24
Skipping
To deliberately skip this control (e.g. meaning don’t use Puppet to enforce this setting), we provide you with three ways:
1) Add pg_secured::controls::log_line_prefix_is_set_correctly: skip to your hiera data. This will skip this control for ALL databases.
2) Add pg_secured::controls::log_line_prefix_is_set_correctly::dbname: skip to your hiera data. This will skip this control for specified database only.
3) Add an entry with the content log_line_prefix_is_set_correctly to the array value pg_secured::skip_list in your hiera data.
Attributes
| Attribute Name | Short Description |
|---|---|
| title | The instance to apply the control to. |
title
The instance to apply the control to.
All controls need an instance to apply the control to. Here is a simple example:
pg_secured::controls::control_name { 'instance':}
In this example, the string instance is the instance to apply the control to.
Back to overview of controls::log_line_prefix_is_set_correctly
