Skip to content

Ensure the correct SQL statements generating errors are recorded

Description

The log_min_error_statement setting causes all SQL statements generating errors at or above the specified severity level to be recorded in the server log.

Each level includes all the levels that follow it. The later the level, the fewer messages are recorded. Valid values are: - DEBUG5 - DEBUG4 - DEBUG3 - DEBUG2 - DEBUG1 - INFO - NOTICE - WARNING - ERROR - LOG - FATAL - PANIC

Note: To effectively turn off logging of failing statements, set this parameter to PANIC. ERROR is considered the best practice setting. Changes should only be made in accordance with your organization's logging policy.

Rationale

If this is not set to the correct value, too many erring SQL statements or too few erring SQL statements may be written to the server log.

Applies To

  • Databases

Tags

This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the log_min_error_statement is set correctly
 */

function validate(databaseSettings, parameters = { log_min_error_statement : 'error' }) {
    const settingName = 'log_min_error_statement'
    const expectedValue = parameters.log_min_error_statement
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success,
    }
}

// invoke
// TODO: add parameters
validate(databaseSettings);