On Mon, Jan 17, 2011 at 16:03, Robert Haas <robertmh...@gmail.com> wrote:
> On Mon, Jan 17, 2011 at 8:58 AM, Magnus Hagander <mag...@hagander.net> wrote:
>>>>> What do you have in mind?
>>>>
>>>> Either having it controlled by log_connections, or perhaps have a
>>>> log_highpriv_connections that controls replication *and* superuser, to
>>>> be somewhat consistent.
>>>
>>> -1. We could provide an option to turn this on and off, but I
>>> wouldn't want it merged with log_connections or logging of superuser
>>> connections.
>>
>> Fair enough, we could have a log_replication_connections as a separate
>> one then? Or having one log_connections, one
>> log_replication_connections and one log_superuser_connections?
>
> log_replication_connections seems reasonable. Not sure about
> log_superuser_connections.
So basically like this (see attachment).
>>> Incidentally, I think ClientAuthentication_hook is sufficiently
>>> powerful to allow logging of superuser connections but no others, if
>>> someone wanted to write a contrib module. That doesn't necessarily
>>> mean an in-core facility wouldn't be useful too, but it's at least
>>> worth thinking about using the hook.
>>
>> Do we have an example of this hook somewhere already? If not, it could
>> be made into a useful example of that, perhaps?
>
> contrib/auth_delay
Hmm, ok, so not that then :-)
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 8e2a2c5..5f83adf 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -3380,6 +3380,21 @@ local0.* /var/log/postgresql
</listitem>
</varlistentry>
+ <varlistentry id="guc-log-replication-connections" xreflabel="log_replication_connections">
+ <term><varname>log_replication_connections</varname> (<type>boolean</type>)</term>
+ <indexterm>
+ <primary><varname>log_replication_connections</> configuration parameter</primary>
+ </indexterm>
+ <listitem>
+ <para>
+ Causes each successful replication connection to the server to be
+ logged. This parameter can only be set in the
+ <filename>postgresql.conf</> file or on the server command line.
+ The default is on.
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry id="guc-log-disconnections" xreflabel="log_disconnections">
<term><varname>log_disconnections</varname> (<type>boolean</type>)</term>
<indexterm>
diff --git a/src/backend/postmaster/postmaster.c b/src/backend/postmaster/postmaster.c
index 179048f..a128e21 100644
--- a/src/backend/postmaster/postmaster.c
+++ b/src/backend/postmaster/postmaster.c
@@ -199,6 +199,7 @@ int AuthenticationTimeout = 60;
bool log_hostname; /* for ps display and logging */
bool Log_connections = false;
+bool Log_replication_connections = false;
bool Db_user_namespace = false;
bool enable_bonjour = false;
diff --git a/src/backend/tcop/postgres.c b/src/backend/tcop/postgres.c
index b227e6c..3c941b1 100644
--- a/src/backend/tcop/postgres.c
+++ b/src/backend/tcop/postgres.c
@@ -3137,6 +3137,7 @@ set_debug_options(int debug_flag, GucContext context, GucSource source)
if (debug_flag >= 1 && context == PGC_POSTMASTER)
{
SetConfigOption("log_connections", "true", context, source);
+ SetConfigOption("log_replication_connections", "true", context, source);
SetConfigOption("log_disconnections", "true", context, source);
}
if (debug_flag >= 2)
diff --git a/src/backend/utils/init/postinit.c b/src/backend/utils/init/postinit.c
index 76890f2..d09633e 100644
--- a/src/backend/utils/init/postinit.c
+++ b/src/backend/utils/init/postinit.c
@@ -219,22 +219,25 @@ PerformAuthentication(Port *port)
elog(FATAL, "could not disable timer for authorization timeout");
/*
- * Log connection for streaming replication even if Log_connections
- * disabled.
+ * Log connection for streaming replication if Log_replication_connections
+ * is enabled.
*/
if (am_walsender)
{
- if (port->remote_port[0])
- ereport(LOG,
- (errmsg("replication connection authorized: user=%s host=%s port=%s",
- port->user_name,
- port->remote_host,
- port->remote_port)));
- else
- ereport(LOG,
- (errmsg("replication connection authorized: user=%s host=%s",
- port->user_name,
- port->remote_host)));
+ if (Log_replication_connections)
+ {
+ if (port->remote_port[0])
+ ereport(LOG,
+ (errmsg("replication connection authorized: user=%s host=%s port=%s",
+ port->user_name,
+ port->remote_host,
+ port->remote_port)));
+ else
+ ereport(LOG,
+ (errmsg("replication connection authorized: user=%s host=%s",
+ port->user_name,
+ port->remote_host)));
+ }
}
else if (Log_connections)
ereport(LOG,
diff --git a/src/backend/utils/misc/guc.c b/src/backend/utils/misc/guc.c
index e4dea31..94c58a4 100644
--- a/src/backend/utils/misc/guc.c
+++ b/src/backend/utils/misc/guc.c
@@ -803,6 +803,14 @@ static struct config_bool ConfigureNamesBool[] =
false, NULL, NULL
},
{
+ {"log_replication_connections", PGC_BACKEND, LOGGING_WHAT,
+ gettext_noop("Logs each successful replication connection."),
+ NULL
+ },
+ &Log_replication_connections,
+ true, NULL, NULL
+ },
+ {
{"log_disconnections", PGC_BACKEND, LOGGING_WHAT,
gettext_noop("Logs end of a session, including duration."),
NULL
diff --git a/src/backend/utils/misc/postgresql.conf.sample b/src/backend/utils/misc/postgresql.conf.sample
index f436b83..d9c8b97 100644
--- a/src/backend/utils/misc/postgresql.conf.sample
+++ b/src/backend/utils/misc/postgresql.conf.sample
@@ -353,6 +353,7 @@
#debug_pretty_print = on
#log_checkpoints = off
#log_connections = off
+#log_replication_connections = on
#log_disconnections = off
#log_duration = off
#log_error_verbosity = default # terse, default, or verbose messages
diff --git a/src/include/postmaster/postmaster.h b/src/include/postmaster/postmaster.h
index 25cc84a..e2f5ba3 100644
--- a/src/include/postmaster/postmaster.h
+++ b/src/include/postmaster/postmaster.h
@@ -26,6 +26,7 @@ extern bool ClientAuthInProgress;
extern int PreAuthDelay;
extern int AuthenticationTimeout;
extern bool Log_connections;
+extern bool Log_replication_connections;
extern bool log_hostname;
extern bool enable_bonjour;
extern char *bonjour_name;
--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
