pg-log-errors

Explanation

Setting the minimum log severity (log_min_messages) too high causes errors not to be logged.

Possible Impact

Loss of error logging

Suggested Resolution

Set the minimum log severity (log_min_messages) to ERROR or a more verbose level such as WARNING, so that errors are still logged.

Insecure Example

The following example will fail the google-sql-pg-log-errors check.

resource "google_sql_database_instance" "db" {
    name             = "db"
    database_version = "POSTGRES_12"
    region           = "us-central1"
    settings {
        database_flags {
            name  = "log_min_messages"
            value = "PANIC"
        }
    }
}

Secure Example

The following example will pass the google-sql-pg-log-errors check.

resource "google_sql_database_instance" "db" {
    name             = "db"
    database_version = "POSTGRES_12"
    region           = "us-central1"
    settings {
        database_flags {
            name  = "log_min_messages"
            value = "WARNING"
        }
    }
}
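
The same condition can also be checked against a rendered plan. The script below is an added example, not part of tfsec or of the original page: it walks the planned_values tree of `terraform show -json` output and reports PostgreSQL instances whose log_min_messages sits above ERROR in PostgreSQL's documented severity order. The function names and the sample plan are constructed for illustration.

```python
# PostgreSQL log_min_messages levels, most verbose first. Each level also logs
# every level after it, so any value listed after ERROR drops ERROR messages.
LEVELS = ["DEBUG5", "DEBUG4", "DEBUG3", "DEBUG2", "DEBUG1", "INFO",
          "NOTICE", "WARNING", "ERROR", "LOG", "FATAL", "PANIC"]
DEFAULT = "WARNING"  # PostgreSQL default when the flag is not set

def walk(module):
    """Yield every resource in a plan module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def find_suppressed_error_logging(plan):
    """Return (address, level) for PostgreSQL instances that drop ERROR logs."""
    findings = []
    root = plan.get("planned_values", {}).get("root_module", {})
    for res in walk(root):
        values = res.get("values") or {}
        if (res.get("type") != "google_sql_database_instance" or not
                str(values.get("database_version", "")).startswith("POSTGRES")):
            continue
        level = DEFAULT
        for settings in values.get("settings") or []:
            for flag in settings.get("database_flags") or []:
                if flag.get("name") == "log_min_messages":
                    level = str(flag.get("value", "")).upper()
        # Unrecognised values are reported rather than silently passed.
        if level not in LEVELS or LEVELS.index(level) > LEVELS.index("ERROR"):
            findings.append((res.get("address"), level))
    return findings

def sample_db(address, level=None):  # builds one constructed plan resource
    flags = [{"name": "log_min_messages", "value": level}] if level else []
    return {"address": address, "type": "google_sql_database_instance",
            "values": {"database_version": "POSTGRES_12",
                       "settings": [{"database_flags": flags}]}}

# Constructed sample shaped like `terraform show -json` output (not real data).
SAMPLE_PLAN = {"planned_values": {"root_module": {
    "resources": [sample_db("google_sql_database_instance.bad", "PANIC"),
                  sample_db("google_sql_database_instance.good", "WARNING"),
                  sample_db("google_sql_database_instance.unset")],
    "child_modules": [{"resources": [
        sample_db("module.app.google_sql_database_instance.db", "log")]}],
}}}

if __name__ == "__main__":
    for address, level in find_suppressed_error_logging(SAMPLE_PLAN):
        print(f"{address}: log_min_messages={level} suppresses ERROR logging")
```

LOG is reported along with FATAL and PANIC because, for log_min_messages, PostgreSQL orders LOG above ERROR.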