PostgreSQL Logs
Overview
Evidence: PostgreSQL Logs
Description: Collect PostgreSQL Logs
Category: Applications
Platform: linux
Short Name: pgrl
Is Parsed: No
Sent to Investigation Hub: No
Collect File(s): Yes
Background
PostgreSQL database logs on Linux record database operations, queries, connections, authentication events, and errors. Depending on the distribution and configuration, the logs live either under /var/log/postgresql or inside the data directory (/var/lib/pgsql/data/pg_log).
Data Collected
This collector gathers structured data about PostgreSQL logs.
Collection Method
This collector gathers PostgreSQL logs from both the standard log directory and the PostgreSQL data directory, capturing all database operational logs.
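An added example (not the collector's own code) of the collection step described above: it walks the two locations the page names, copies every log file with its timestamps preserved, and records size and SHA-256 for each copy so the evidence can be verified later. The third directory, a 'log' subdirectory of the data directory, and the sample log lines in demo() are assumptions and constructed data, not taken from the page.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

# Locations named on the page, plus the 'log' subdirectory (assumption:
# PostgreSQL 10+ defaults log_directory to 'log' rather than 'pg_log').
DEFAULT_LOG_DIRS = ("/var/log/postgresql", "/var/lib/pgsql/data/pg_log",
                    "/var/lib/pgsql/data/log")

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:  # stream so large logs are not read whole
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()

def collect_pg_logs(dest, log_dirs=DEFAULT_LOG_DIRS):
    """Copy every file under log_dirs into dest (layout and mtimes kept),
    write a manifest of sizes and hashes, and return the manifest."""
    dest_root = Path(dest)
    manifest = []
    for log_dir in log_dirs:
        src_root = Path(log_dir)
        if not src_root.is_dir():
            continue  # this host does not use that location
        for src in sorted(p for p in src_root.rglob("*") if p.is_file()):
            target = dest_root / src.relative_to(src.anchor)
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(src, target)  # copy2 keeps mtime for timeline work
            entry = {"source": str(src), "copy": str(target), "size": src.stat().st_size,
                     "mtime": src.stat().st_mtime, "sha256": sha256_file(src)}
            if sha256_file(target) != entry["sha256"]:  # verify the copy
                raise RuntimeError(f"copy verification failed: {src}")
            manifest.append(entry)
    dest_root.mkdir(parents=True, exist_ok=True)
    (dest_root / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest

def demo():
    # Run the collector over constructed sample logs in a temp directory.
    work = Path(tempfile.mkdtemp())
    samples = {  # constructed lines in PostgreSQL's default log format
        "var/log/postgresql/postgresql-15-main.log":
            "2024-01-01 10:00:00.000 UTC [1234] LOG:  database system is ready\n",
        "var/lib/pgsql/data/pg_log/postgresql-Mon.log":
            "2024-01-01 10:05:00.000 UTC [1300] FATAL:  password authentication failed for user \"app\"\n"}
    for rel, text in samples.items():
        (work / rel).parent.mkdir(parents=True, exist_ok=True)
        (work / rel).write_text(text)
    dirs = [str(work / d.lstrip("/")) for d in DEFAULT_LOG_DIRS]
    return collect_pg_logs(str(work / "evidence"), dirs)
```

demo() returns the manifest entries for the two constructed files; on a real host, call collect_pg_logs() with the evidence directory and the default locations.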
Forensic Value
PostgreSQL logs are essential for investigating SQL injection, unauthorized access, data breaches, privilege escalation, and other database attacks. They provide detailed query logs, connection information, and authentication history.