Обсуждение: Suppress logging of "pg_hba.conf rejects connection for host"

Поиск
Список
Период
Сортировка

Suppress logging of "pg_hba.conf rejects connection for host"

От
Дата:
Hello,

One of the systems running PostgreSQL 14.7 receive a lot of lines like in
the subject. I have below pg_hba.conf line and that line causes these to be
logged.

host all all 0.0.0.0/0 reject

If possible, I do not want to see these lines in my logs. But, I failed to
find a parameter for it.

Is it possible to turn this specific message logging off?

Thanks & Regards,
Ertan

Re: Suppress logging of "pg_hba.conf rejects connection for host"

От
Erik Wienhold
Дата:
> On 16/04/2023 17:02 CEST ertan.kucukoglu@1nar.com.tr wrote:
>
> One of the systems running PostgreSQL 14.7 receive a lot of lines like in
> the subject. I have below pg_hba.conf line and that line causes these to be
> logged.
>
> host all all 0.0.0.0/0 reject
>
> If possible, I do not want to see these lines in my logs. But, I failed to
> find a parameter for it.
>
> Is it possible to turn this specific message logging off?

There's no special config for this specific error message.  It is logged as
FATAL so the only way to silence it *and any other messages from DEBUG5 to FATAL*
is to set log_min_messages = PANIC.  I don't recommend it.  It also complicates
troubleshooting failing connections in the future if you don't log this message.

When logging to syslog you may be able to discard specific messages.
rsyslog has property-based filters[0] for example:

    :msg, contains, "pg_hba.conf rejects connection for host" ~

You should also investigate the clients that try connecting ("a lot" as you
write) and figure out why they keep connecting if you want to reject their
attempts anyway.

[0] https://rsyslog.readthedocs.io/en/latest/configuration/filters.html#property-based-filters

--
Erik

Re: Suppress logging of "pg_hba.conf rejects connection for host"

От
Ron
Дата:
On 4/16/23 10:02, ertan.kucukoglu@1nar.com.tr wrote:
> Hello,
>
> One of the systems running PostgreSQL 14.7 receive a lot of lines like in
> the subject. I have below pg_hba.conf line and that line causes these to be
> logged.
>
> host all all 0.0.0.0/0 reject
>
> If possible, I do not want to see these lines in my logs. But, I failed to
> find a parameter for it.
>
> Is it possible to turn this specific message logging off?

1. Why do you need that line, instead of just allowing in the addresses you 
want?
2. Why are you getting so many "illegal" connection attempts?
3. Auditors like to see that you're rejecting "illegal" connection attempts.

-- 
Born in Arizona, moved to Babylonia.