En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation

We need help to add the "SQLSTATE error code" (e%) field to the log_line_prefix parameter.

0

Hi everyone, our audit verified a case where a read-only user appeared in the log as responsible for executing a DDL command, we performed all the necessary tests and saw that the command executed was not applied and we saw that even with an error the log is generated, so we need to add the field "SQLSTATE error code" (e%) in the log_line_prefix parameter to filter the results and remove the cases where the command was not applied. But the log_line_prefix parameter is blocked in AWS RDS, how can we get around this?

  • Please accept the answer if it was useful for you

demandé il y a 8 mois292 vues
1 réponse
2

In AWS RDS, certain parameters, including log_line_prefix, are indeed managed and restricted for direct user modification due to the managed nature of the service, prioritizing stability and security. However, understanding the context and need to include "SQLSTATE error code" in your logs for clearer auditing and troubleshooting, here are a few approaches you might consider to address your requirement:

Using RDS Event Subscriptions for Notifications While this doesn't directly modify the log_line_prefix, you can create RDS Event Subscriptions to notify you about specific database events, including errors. This can help in monitoring and reacting to specific error codes, although it's more about alerting than logging.

profile picture
EXPERT
répondu il y a 8 mois
profile picture
EXPERT
vérifié il y a 8 mois
  • Thanks for the response Oleksii, I really understand the restriction because it is a managed service, but the point is that if I follow your request I will have to provide two proofs per month for the audit instead of one, that is, I will have to show the logs generated during the month and the alerts that may be received, in fact it makes it even more difficult because it is an alert, is it possible to direct this alert to a file in S3?

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions