Logging and monitoring

PostgreSQL instance with ‘enable_pgaudit’ flag disabled

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

Open source pgaudit extension enables you to manage and access logs in a central location. By enabling cloudsql.enable_pgaudit flag and installing the extension you enable database auditing in your PostgreSQL through pgAudit. This extension provides detailed session and object logging to comply with government, financial, & ISO standards and provides auditing capabilities to mitigate threats by monitoring security events on the instance. It was detected that the Sql Instance {GcpSqlInstance} pgaudit flag is disabled.
  • Recommended Mitigation

    It is recommended to add the following database flag: 'cloudsql.enable_pgaudit=on', create the extension (by connecting to the server running PostgreSQL or through a SQL client of your choice), and make sure Data Access Audit logs are enabled for your project and have sufficient privileges and that logs are being sent to Logs Explorer.