PostgreSQL database log retention days should be set to greater than 3 days


Warning: This rule will be deprecated 18 December 2023 as part of the update to Azure CIS version 2.0.0


Enable log_retention_days on PostgreSQL Servers.


Enabling log_retention_days helps PostgreSQL Database to set the number of days a log file is retained, which generates query and error logs. Query and error logs can be used to identify, troubleshoot, and repair configuration errors and sub-optimal performance.


From the console

  1. Login to Azure Portal using
  2. Go to Azure Database for PostgreSQL server
  3. For each database, click on Server parameters
  4. Search for log_retention_days.
  5. Enter value in range 4-7 (inclusive) and save.

Alternatively, use the Azure Command Line Interface and run the the below command to update log_retention_days configuration:

az postgres server configuration set --resource-group <resourceGroupName> --server-name <serverName> --name log_retention_days --value <4-7>



CIS Controls

Version 7 6.4 Ensure adequate storage for logs: Ensure that all systems that store logs have adequate storage space for the logs generated.