Re: how _not_ to log?

Поиск
Список
Период
Сортировка
От Joe Van Dyk
Тема Re: how _not_ to log?
Дата
Msg-id CACfv+p+1J6JT1Lap8bN1yTBzP7TZRh5K587RwxumwHKSXQ6LHg@mail.gmail.com
обсуждение исходный текст
Ответ на how _not_ to log?  (Tim Spencer <tspencer@cloudpassage.com>)
Ответы Re: how _not_ to log?  (Tim Spencer <tspencer@cloudpassage.com>)
Список pgsql-general
Дерево обсуждения
On Thursday, July 25, 2013, Tim Spencer wrote:
Hello there!

        I've seen lots of people who have asked questions about how to log this or that, but I have the opposite question!  :-)  I'm seeing this in my logs:

Jul 25 18:08:11 staging-db11 postgres[27050]: [10-2] STATEMENT:  create role pguser encrypted password 'XXX';

        Where XXX is the actual password.  This happens every 30 minutes when my chef client kicks off and resets the passwords.  Here's everything that I have in postgres.conf related to logging:

log_destination = 'syslog'              # Valid values are combinations of
                                        # stderr, csvlog, syslog, and eventlog,
                                        # depending on platform.  csvlog
                                        # requires logging_collector to be on.
logging_collector = on                  # Enable capturing of stderr and csvlog
                                        # into log files. Required to be on for
                                        # csvlogs.
log_directory = 'pg_log'                # directory where log files are written,
log_filename = 'postgresql-%a.log'      # log file name pattern,
log_truncate_on_rotation = on           # If on, an existing log file with the
                                        # same name as the new log file will be
log_rotation_age = 1d                   # Automatic rotation of logfiles will
log_rotation_size = 0                   # Automatic rotation of logfiles will
                                        # happen after that much log output.
                                        # DO NOT USE without syslog or
                                        # logging_collector
log_min_duration_statement = 2000       # 2 seconds
log_checkpoints = on

        What I'd like to do is stop logging create role commands, as the logs end up full of passwords.  Is there any way to do this?  Thanks, and have fun!

Have chef supply the password in encrypted format. 

It's not that well documented yet though, as far as I can tell.  See this thread: http://www.postgresql.org/message-id/201110272054.p9RKsKs18362@momjian.us

Seems like that information should be in the CREATE ROLE docs. 


 

                -tspencer



--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general

В списке pgsql-general по дате отправления:

Предыдущее
От: Sergey Konoplev
Дата:
Сообщение: Re: Speed up Switchover
Следующее
От: Andres Freund
Дата:
Сообщение: Re: Speed up Switchover