What to Log
+
+ What you choose to log can have security implications; see
+ .
+
+
+
planning). Set log_min_error_statement to
ERROR (or lower) to log such statements.
+ Logged statements might reveal sensitive data and even contain
+ plaintext passwords.
+
It is a good idea to save the database server's log output
somewhere, rather than just discarding it via /dev/null.
The log output is invaluable when diagnosing
- problems. However, the log output tends to be voluminous
+ problems.
+
+
+
+ The server log can contain sensitive information and needs to be protected,
+ no matter how or where it is stored, or the destination to which it is routed.
+ For example, some DDL statements might contain plaintext passwords or other
+ authentication details. Logged statements at the ERROR
+ level might show the SQL source code for applications
+ and might also contain some parts of data rows. Recording data, events and
+ related information is the intended function of this facility, so this is
+ not a leakage or a bug. Please ensure the server logs are visible only to
+ appropriately authorized people.
+
+
+
+ Log output tends to be voluminous
(especially at higher debug levels) so you won't want to save it
indefinitely. You need to rotate the log files so that
new log files are started and old ones removed after a reasonable
projects / postgresql.git / commitdiff