PostgreSQL log disconnections not set

This product is not supported for your selected Datadog site. ().

Metadata

Id: 054d07b5-941b-4c28-8eef-18989dc62323

Cloud Provider: Azure

Platform: Ansible

Severity: Medium

Category: Observability

Learn More

Description

Enabling the PostgreSQL server parameter log_disconnections ensures the server records client connection termination events. This is important for detecting abnormal connection patterns, troubleshooting connectivity issues, and supporting forensic investigations.

For Ansible, the azure.azcollection.azure_rm_postgresqlconfiguration (or legacy azure_rm_postgresqlconfiguration) resource must have name: log_disconnections and value: ON (value compared case-insensitively). Resources where name is log_disconnections but value is missing, not a string, or not set to ON are flagged as insecure.

Secure Ansible configuration example:

- name: Enable PostgreSQL log_disconnections
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: my-rg
    server_name: my-pg-server
    name: log_disconnections
    value: ON

Compliant Code Examples

- name: Update PostgreSQL Server setting
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: on
- name: Update PostgreSQL Server setting2
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: On
- name: Update PostgreSQL Server setting3
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: ON
- name: Update PostgreSQL Server setting4
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: on
- name: Update PostgreSQL Server setting5
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: On
- name: Update PostgreSQL Server setting6
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: ON

Non-Compliant Code Examples

---
- name: Update PostgreSQL Server setting
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: off
- name: Update PostgreSQL Server setting2
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: Off
- name: Update PostgreSQL Server setting3
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: OFF
- name: Update PostgreSQL Server setting4
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: "off"
- name: Update PostgreSQL Server setting5
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: "Off"
- name: Update PostgreSQL Server setting6
  azure.azcollection.azure_rm_postgresqlconfiguration:
    resource_group: myResourceGroup
    server_name: myServer
    name: log_disconnections
    value: "OFF"