3.1.3 Ensure the logging collector is enabled

Information

The logging collector is a background process that captures log messages sent to stderr and redirects them into log files. The logging_collector setting must be enabled in order for this process to run. It can only be set at server start.
Rationale:
The logging collector approach is often more useful than logging to syslog, since some types of messages might not appear in syslog output. One common example is dynamic-linker failure message; another may be error messages produced by scripts such as archive_command.
Note: This setting must be enabled when log_destination is either 'stderr' or 'csvlog' and for certain other logging parameters to take effect.

Solution

Execute the following SQL statement(s) to remediate this setting:
postgres=# alter system set logging_collector = 'on';
ALTER SYSTEM
Unfortunately, this setting can only be changed at server (re)start. As root, restart the PostgreSQL service for this change to take effect:
$ service postgresql-9.6 restart
Stopping postgresql-9.6 service: [ OK ]
Starting postgresql-9.6 service: [ OK ]
Default Value:
on

See Also

https://workbench.cisecurity.org/files/2235

Item Details

Category: AUDIT AND ACCOUNTABILITY

References: 800-53|AU-3, 800-53|AU-12, CSCv6|6.2, CSCv7|6.2, CSCv7|6.3

Plugin: PostgreSQLDB

Control ID: 7df1770bcc2ba94f7ae567dc379e9c84d16c7b6e28f7b2b1db0beb4c0fa52a3c