
Ensure 'log_lock_waits' is enabled


The log_lock_waits setting specifies whether a log message is produced when a session waits longer than deadlock_timeout to acquire a lock. The setting should be enabled (set to on) unless otherwise directed by your organization's logging policy.


If this setting is disabled, it may be harder to determine whether lock waits are causing poor performance or whether a specially crafted SQL statement is attempting to starve resources by holding locks for excessive amounts of time.
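How the messages that log_lock_waits produces can be turned into a list of long waits and the sessions blocking them, as an added example that is not part of the rule's own code. The sample log lines are constructed, the line prefix and the 5000 ms threshold are assumptions, and summarizeLockWaits is a hypothetical helper.

```javascript
// Added example (not the project's code): summarize lock waits logged by log_lock_waits.
const WAIT_RE = /process (\d+) (still waiting for|acquired) (\w+) on (.+?) after (\d+(?:\.\d+)?) ms/
const HOLDER_RE = /Process(?:es)? holding the lock: ([\d, ]+)\. Wait queue: ([\d, ]*)\./

// Constructed sample lines; the timestamp/pid prefix is an assumed log_line_prefix.
const SAMPLE_LOG = [
  '2024-01-15 10:23:45 UTC:[4101]:LOG:  process 4101 still waiting for ShareLock on transaction 98765 after 1000.123 ms',
  '2024-01-15 10:23:45 UTC:[4101]:DETAIL:  Process holding the lock: 3999. Wait queue: 4101.',
  '2024-01-15 10:23:46 UTC:[4102]:LOG:  process 4102 still waiting for ShareLock on transaction 98765 after 1000.087 ms',
  '2024-01-15 10:23:46 UTC:[4102]:DETAIL:  Process holding the lock: 3999. Wait queue: 4101, 4102.',
  '2024-01-15 10:24:15 UTC:[4101]:LOG:  process 4101 acquired ShareLock on transaction 98765 after 31250.500 ms',
  '2024-01-15 10:25:02 UTC:[4200]:LOG:  process 4200 acquired AccessExclusiveLock on relation 16390 of database 16384 after 1200.004 ms',
]

// Hypothetical helper: returns waits at or above thresholdMs and the pids blocking others.
function summarizeLockWaits(lines, thresholdMs) {
  const waits = new Map()     // "pid|lock target" -> longest wait seen for that lock
  const blockedBy = new Map() // holder pid -> Set of waiter pids
  for (const line of lines) {
    const w = WAIT_RE.exec(line)
    if (w) {
      const [, pid, state, mode, target, ms] = w
      const key = `${pid}|${target}`
      const prev = waits.get(key)
      // A later, longer entry for the same wait supersedes the earlier one (waiting -> acquired).
      if (!prev || Number(ms) >= prev.waitedMs) {
        waits.set(key, { pid: Number(pid), mode, target, waitedMs: Number(ms), acquired: state === 'acquired' })
      }
      continue
    }
    const h = HOLDER_RE.exec(line)
    if (!h) continue
    const waiters = h[2].split(',').map(s => s.trim()).filter(Boolean)
    for (const holder of h[1].split(',').map(s => s.trim()).filter(Boolean)) {
      if (!blockedBy.has(holder)) blockedBy.set(holder, new Set())
      waiters.forEach(p => blockedBy.get(holder).add(p))
    }
  }
  const longWaits = [...waits.values()]
    .filter(x => x.waitedMs >= thresholdMs).sort((a, b) => b.waitedMs - a.waitedMs)
  const holders = [...blockedBy]
    .map(([pid, set]) => ({ pid: Number(pid), blockedSessions: set.size }))
    .sort((a, b) => b.blockedSessions - a.blockedSessions)
  return { longWaits, holders }
}

console.log(JSON.stringify(summarizeLockWaits(SAMPLE_LOG, 5000), null, 2))
```

A holder pid that blocks several sessions for far longer than deadlock_timeout is the pattern to investigate first.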

Applies To

  • Databases


This rule is applied when the following tags are present:

Tag                       With Value
secureclouddb/provider    aws
secureclouddb/service     rds
secureclouddb/engine      postgres

Default Rule

const { checkServerSetting, checkRdsVersion, OK_SKIP_VERSION } = module

/**
 * @param {Object} databaseSettings - database settings object
 * @returns {boolean} true if the log_lock_waits option is on
 */
function validate(databaseSettings) {
    // The rule is only evaluated for the listed RDS PostgreSQL versions
    const supportedVersions = ['9.5']
    const supported = checkRdsVersion(databaseSettings, supportedVersions)
    if(!supported) {
        return OK_SKIP_VERSION
    }
    const settingName = 'log_lock_waits'
    const expectedValue = 'on'
    // Compare the server's log_lock_waits value with the expected 'on'
    const success = checkServerSetting(databaseSettings, settingName, expectedValue)
    return {
        success // assumption: the original result object is truncated here; only the check result is returned
    }
}

// invoke