PostgreSQL Logs

Overview

Evidence: PostgreSQL Logs
Description: Collect PostgreSQL Logs
Category: Applications
Platform: linux
Short Name: pgrl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes

Background

PostgreSQL database logs on Linux record database operations, queries, connections, authentication events, and errors. Logs can be in /var/log/postgresql or within the data directory (/var/lib/pgsql/data/pg_log).

Data Collected

This collector gathers structured data about PostgreSQL logs.

Collection Method

This collector gathers PostgreSQL logs from both standard log directories and the PostgreSQL data directory, capturing all database operational logs.

Forensic Value

PostgreSQL logs are essential for investigating SQL injection, unauthorized access, data breaches, privilege escalation, and database attacks. They provide detailed query logs, connection information, and authentication history.
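
As an added illustration of working with the authentication history in collected log files (example code, not part of the collector or this product): the script below pairs each failed password login with the client address logged earlier by the same backend process. It assumes `log_connections = on` and a `log_line_prefix` that includes the backend PID in brackets; the sample lines and the name `failed_logins` are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines (not from a real system). Assumes log_connections = on
# and a log_line_prefix that puts the backend PID in brackets, e.g. '%m [%p] '.
SAMPLE_LOG = """\
2024-05-01 10:00:01.100 UTC [4101] LOG:  connection received: host=203.0.113.7 port=50122
2024-05-01 10:00:01.140 UTC [4101] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:02.300 UTC [4102] LOG:  connection received: host=203.0.113.7 port=50124
2024-05-01 10:00:02.350 UTC [4102] FATAL:  password authentication failed for user "admin"
2024-05-01 10:00:05.000 UTC [4103] LOG:  connection received: host=10.0.0.15 port=41810
2024-05-01 10:00:05.020 UTC [4103] LOG:  connection authorized: user=app database=appdb
2024-05-01 10:00:09.700 UTC [4104] LOG:  connection received: host=203.0.113.7 port=50130
2024-05-01 10:00:09.750 UTC [4104] FATAL:  password authentication failed for user "postgres"
2024-05-01 10:00:11.000 UTC [4105] FATAL:  password authentication failed for user "app"
"""

PID_RE = re.compile(r"\[(\d+)\]")
RECEIVED_RE = re.compile(r"connection received: host=(\S+)")
FAILED_RE = re.compile(r'FATAL:\s+password authentication failed for user "([^"]*)"')


def failed_logins(lines):
    """Count failed password logins per (source_host, user).

    The FATAL line carries no client address, so the host comes from the
    'connection received' line logged earlier by the same backend PID.
    """
    host_by_pid = {}
    failures = Counter()
    for line in lines:
        pid_match = PID_RE.search(line)
        pid = pid_match.group(1) if pid_match else None
        received = RECEIVED_RE.search(line)
        if received and pid:
            host_by_pid[pid] = received.group(1)  # PIDs get reused: latest wins
            continue
        failed = FAILED_RE.search(line)
        if failed:
            # No earlier 'connection received' (rotated file, logging off): unknown
            host = host_by_pid.pop(pid, "unknown")
            failures[(host, failed.group(1))] += 1
    return failures


if __name__ == "__main__":
    for (host, user), count in sorted(failed_logins(SAMPLE_LOG.splitlines()).items()):
        print(f"{host}\t{user}\t{count}")
```

Failures attributed to `unknown` usually mean the matching connection line is in a rotated file or connection logging was disabled, which is itself worth noting during an investigation.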
