Обсуждение: Suppress logging of "pg_hba.conf rejects connection for host"
Hello, One of the systems running PostgreSQL 14.7 receive a lot of lines like in the subject. I have below pg_hba.conf line and that line causes these to be logged. host all all 0.0.0.0/0 reject If possible, I do not want to see these lines in my logs. But, I failed to find a parameter for it. Is it possible to turn this specific message logging off? Thanks & Regards, Ertan
> On 16/04/2023 17:02 CEST ertan.kucukoglu@1nar.com.tr wrote: > > One of the systems running PostgreSQL 14.7 receive a lot of lines like in > the subject. I have below pg_hba.conf line and that line causes these to be > logged. > > host all all 0.0.0.0/0 reject > > If possible, I do not want to see these lines in my logs. But, I failed to > find a parameter for it. > > Is it possible to turn this specific message logging off? There's no special config for this specific error message. It is logged as FATAL so the only way to silence it *and any other messages from DEBUG5 to FATAL* is to set log_min_messages = PANIC. I don't recommend it. It also complicates troubleshooting failing connections in the future if you don't log this message. When logging to syslog you may be able to discard specific messages. rsyslog has property-based filters[0] for example: :msg, contains, "pg_hba.conf rejects connection for host" ~ You should also investigate the clients that try connecting ("a lot" as you write) and figure out why they keep connecting if you want to reject their attempts anyway. [0] https://rsyslog.readthedocs.io/en/latest/configuration/filters.html#property-based-filters -- Erik
On 4/16/23 10:02, ertan.kucukoglu@1nar.com.tr wrote: > Hello, > > One of the systems running PostgreSQL 14.7 receive a lot of lines like in > the subject. I have below pg_hba.conf line and that line causes these to be > logged. > > host all all 0.0.0.0/0 reject > > If possible, I do not want to see these lines in my logs. But, I failed to > find a parameter for it. > > Is it possible to turn this specific message logging off? 1. Why do you need that line, instead of just allowing in the addresses you want? 2. Why are you getting so many "illegal" connection attempts? 3. Auditors like to see that you're rejecting "illegal" connection attempts. -- Born in Arizona, moved to Babylonia.