On Mon, Jan 17, 2011 at 16:03, Robert Haas <robertmh...@gmail.com> wrote: > On Mon, Jan 17, 2011 at 8:58 AM, Magnus Hagander <mag...@hagander.net> wrote: >>>>> What do you have in mind? >>>> >>>> Either having it controlled by log_connections, or perhaps have a >>>> log_highpriv_connections that controls replication *and* superuser, to >>>> be somewhat consistent. >>> >>> -1. We could provide an option to turn this on and off, but I >>> wouldn't want it merged with log_connections or logging of superuser >>> connections. >> >> Fair enough, we could have a log_replication_connections as a separate >> one then? Or having one log_connections, one >> log_replication_connections and one log_superuser_connections? > > log_replication_connections seems reasonable. Not sure about > log_superuser_connections.
So basically like this (see attachment). >>> Incidentally, I think ClientAuthentication_hook is sufficiently >>> powerful to allow logging of superuser connections but no others, if >>> someone wanted to write a contrib module. That doesn't necessarily >>> mean an in-core facility wouldn't be useful too, but it's at least >>> worth thinking about using the hook. >> >> Do we have an example of this hook somewhere already? If not, it could >> be made into a useful example of that, perhaps? > > contrib/auth_delay Hmm, ok, so not that then :-) -- Magnus Hagander Me: http://www.hagander.net/ Work: http://www.redpill-linpro.com/
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml index 8e2a2c5..5f83adf 100644 --- a/doc/src/sgml/config.sgml +++ b/doc/src/sgml/config.sgml @@ -3380,6 +3380,21 @@ local0.* /var/log/postgresql </listitem> </varlistentry> + <varlistentry id="guc-log-replication-connections" xreflabel="log_replication_connections"> + <term><varname>log_replication_connections</varname> (<type>boolean</type>)</term> + <indexterm> + <primary><varname>log_replication_connections</> configuration parameter</primary> + </indexterm> + <listitem> + <para> + Causes each successful replication connection to the server to be + logged. This parameter can only be set in the + <filename>postgresql.conf</> file or on the server command line. + The default is on. + </para> + </listitem> + </varlistentry> + <varlistentry id="guc-log-disconnections" xreflabel="log_disconnections"> <term><varname>log_disconnections</varname> (<type>boolean</type>)</term> <indexterm> diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c index 179048f..a128e21 100644 --- a/src/backend/postmaster/postmaster.c +++ b/src/backend/postmaster/postmaster.c @@ -199,6 +199,7 @@ int AuthenticationTimeout = 60; bool log_hostname; /* for ps display and logging */ bool Log_connections = false; +bool Log_replication_connections = false; bool Db_user_namespace = false; bool enable_bonjour = false; diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c index b227e6c..3c941b1 100644 --- a/src/backend/tcop/postgres.c +++ b/src/backend/tcop/postgres.c @@ -3137,6 +3137,7 @@ set_debug_options(int debug_flag, GucContext context, GucSource source) if (debug_flag >= 1 && context == PGC_POSTMASTER) { SetConfigOption("log_connections", "true", context, source); + SetConfigOption("log_replication_connections", "true", context, source); SetConfigOption("log_disconnections", "true", context, source); } if (debug_flag >= 2) diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c index 76890f2..d09633e 100644 --- a/src/backend/utils/init/postinit.c +++ b/src/backend/utils/init/postinit.c @@ -219,22 +219,25 @@ PerformAuthentication(Port *port) elog(FATAL, "could not disable timer for authorization timeout"); /* - * Log connection for streaming replication even if Log_connections - * disabled. + * Log connection for streaming replication if Log_replication_connections + * is enabled. */ if (am_walsender) { - if (port->remote_port[0]) - ereport(LOG, - (errmsg("replication connection authorized: user=%s host=%s port=%s", - port->user_name, - port->remote_host, - port->remote_port))); - else - ereport(LOG, - (errmsg("replication connection authorized: user=%s host=%s", - port->user_name, - port->remote_host))); + if (Log_replication_connections) + { + if (port->remote_port[0]) + ereport(LOG, + (errmsg("replication connection authorized: user=%s host=%s port=%s", + port->user_name, + port->remote_host, + port->remote_port))); + else + ereport(LOG, + (errmsg("replication connection authorized: user=%s host=%s", + port->user_name, + port->remote_host))); + } } else if (Log_connections) ereport(LOG, diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c index e4dea31..94c58a4 100644 --- a/src/backend/utils/misc/guc.c +++ b/src/backend/utils/misc/guc.c @@ -803,6 +803,14 @@ static struct config_bool ConfigureNamesBool[] = false, NULL, NULL }, { + {"log_replication_connections", PGC_BACKEND, LOGGING_WHAT, + gettext_noop("Logs each successful replication connection."), + NULL + }, + &Log_replication_connections, + true, NULL, NULL + }, + { {"log_disconnections", PGC_BACKEND, LOGGING_WHAT, gettext_noop("Logs end of a session, including duration."), NULL diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample index f436b83..d9c8b97 100644 --- a/src/backend/utils/misc/postgresql.conf.sample +++ b/src/backend/utils/misc/postgresql.conf.sample @@ -353,6 +353,7 @@ #debug_pretty_print = on #log_checkpoints = off #log_connections = off +#log_replication_connections = on #log_disconnections = off #log_duration = off #log_error_verbosity = default # terse, default, or verbose messages diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h index 25cc84a..e2f5ba3 100644 --- a/src/include/postmaster/postmaster.h +++ b/src/include/postmaster/postmaster.h @@ -26,6 +26,7 @@ extern bool ClientAuthInProgress; extern int PreAuthDelay; extern int AuthenticationTimeout; extern bool Log_connections; +extern bool Log_replication_connections; extern bool log_hostname; extern bool enable_bonjour; extern char *bonjour_name;
-- Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-hackers