Skip to content

Ensure 'log_connections' is enabled


Enabling the log_connections setting causes each attempted connection to the server to be logged, as well as successful completion of client authentication.

This parameter cannot be changed after session start.


PostgreSQL does not maintain an internal record of attempted connections to the database for later auditing.

It is only by enabling the logging of these attempts that one can determine if unexpected attempts are being made.

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag With Value
secureclouddb/provider aws
secureclouddb/service rds
secureclouddb/engine postgres

Default Rule

const { checkServerSetting } = module
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the connections are being logged

function validate(databaseSettings) {

    const settingName = 'log_connections'
    const expectedValue = "on"
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)

    return {

// invoke