Hello there!
I've seen lots of people who have asked questions about how to log this or that, but I have the opposite question!
:-) I'm seeing this in my logs:
Jul 25 18:08:11 staging-db11 postgres[27050]: [10-2] STATEMENT: create role pguser encrypted password 'XXX';
Where XXX is the actual password. This happens every 30 minutes when my chef client kicks off and resets the
passwords. Here's everything that I have in postgres.conf related to logging:
log_destination = 'syslog' # Valid values are combinations of
# stderr, csvlog, syslog, and eventlog,
# depending on platform. csvlog
# requires logging_collector to be on.
logging_collector = on # Enable capturing of stderr and csvlog
# into log files. Required to be on for
# csvlogs.
log_directory = 'pg_log' # directory where log files are written,
log_filename = 'postgresql-%a.log' # log file name pattern,
log_truncate_on_rotation = on # If on, an existing log file with the
# same name as the new log file will be
log_rotation_age = 1d # Automatic rotation of logfiles will
log_rotation_size = 0 # Automatic rotation of logfiles will
# happen after that much log output.
# DO NOT USE without syslog or
# logging_collector
log_min_duration_statement = 2000 # 2 seconds
log_checkpoints = on
What I'd like to do is stop logging create role commands, as the logs end up full of passwords. Is there any way
todo this? Thanks, and have fun!
-tspencer