Skip to content

Ensure 'log_statement_stats' is disabled

Description

The logging of these additional statistics when not mandated by your organization's logging policy greatly reduces the signal-to-noise ratio of the PostgreSQL logs.

Rationale

Enabling the log_statement_stats setting causes cumulative performance statistics to be written to the server log for each query. This is a crude profiling instrument, similar to the Unix getrusage() operating system facility.

This reports total statement statistics. Cumulative performance statistics logging is disabled (off) by default and should only be enabled if directed to do so by your organization's logging policy.

Note: log_statement_stats cannot be enabled together with any of the per-module options.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting, checkRdsVersion, OK_SKIP_VERSION } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the log_statement_stats option is off
 */

function validate(databaseSettings) {
    const supportedVersions = ['9.5']
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if(!supported) {
        return OK_SKIP_VERSION
    }
    const settingName = 'log_statement_stats'
    const expectedValue = 'off'
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
validate(databaseSettings);