Skip to content

Ensure 'log_lock_waits' is enabled

Description

The log_lock_waits setting specifies whether a log message is produced when a session waits longer than deadlock_timeout to acquire a lock. The setting should be enabled (set to on) unless otherwise directed by your organization's logging policy.

Rationale

If this setting is disabled, it may be harder to determine if lock waits are causing poor performance or if a specially-crafted SQL is attempting to starve resources through holding locks for excessive amounts of time.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting, checkRdsVersion, OK_SKIP_VERSION } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the log_lock_waits option is on
 */

function validate(databaseSettings) {
    const supportedVersions = ['9.5']
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if(!supported) {
        return OK_SKIP_VERSION
    }
    const settingName = 'log_lock_waits'
    const expectedValue = 'on'
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);