Evidence: PostgreSQL Logs
Description: Collect PostgreSQL Logs
Category: Applications
Platform: linux
Short Name: pgrl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
PostgreSQL database logs on Linux record database operations, queries, connections, authentication events, and errors. Logs can be in /var/log/postgresql or within the data directory (/var/lib/pgsql/data/pg_log).
Data Collected
This collector gathers structured data about postgresql logs.
Collection Method
This collector gathers PostgreSQL logs from both standard log directories and the PostgreSQL data directory, capturing all database operational logs.
Forensic Value
PostgreSQL logs are essential for investigating SQL injection, unauthorized access, data breaches, privilege escalation, and database attacks. They provide detailed query logs, connection information, and authentication history.
