While evaluating our program, we found that manually editing the database (outside of the Django app) doesn't get recorded in the Django audit logs. Meanwhile, for security reasons we need to know everything that is done to the database.
Thus logging needs to be turned on inside of the Postgres database using Postgres's built-in logging feature.
NOTE FOR PLANNING: this may require discussing with Trevor to make sure nothing is missing that should also be logged, and may take a while to investigate the various logging possibilities and how to test/retrieve logs.
AC:
Postgres database logging is used
Log rotation is implemented in some manner (confirm that this is handled by cloud.gov)
We need to confirm whether cloud.gov automatically rotates logs that are written to disk by Postgres
Documents updated regarding how logs are rotated and how to access the logs on a cf environment (this may take some time)
Test that the logs are working (a unit test may be skipped if deemed too time consuming, but should be attempted before resorting to manual testing)
Additional notes:
Below are the settings that should change in the database.
To see this config:
docker exec -it {container hash}
open /var/lib/postgresql/data/postgresql.conf
Quickly googling, one way to set it is to make a new postgres.conf file to override these default values and, in the docker-compose.yml, add a volume so that the custom .conf file is stored in the container's internal storage. Note that here the postgres.conf is expected to be in the same directory as the docker-compose file. There may be a more elegant approach that should be investigated.
volumes:
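One way to check that the override file described above really leaves logging in effect, as an added example that is not part of the ticket or the project's code. The `REQUIRED` baseline uses real PostgreSQL parameters, but the selection is an assumption (the ticket's own settings list is not shown here), and `parse_conf` / `audit_gaps` are hypothetical helper names. It follows postgresql.conf rules: case-insensitive names, optional `=`, `#` comments, and the last duplicate entry winning.

```python
import re

# Assumed audit baseline, not the ticket's own list (which the page does not show).
REQUIRED = {"logging_collector": "on", "log_statement": "all",
            "log_connections": "on", "log_disconnections": "on"}

# name, then "=" or whitespace, then a single-quoted or bare value, optional comment
_LINE = re.compile(r"^\s*([A-Za-z_][\w.]*)(?:\s*=\s*|\s+)"
                   r"('(?:[^']|'')*'|[^\s#']+)\s*(?:#.*)?$")
_BOOL = {"on": "on", "true": "on", "yes": "on", "1": "on",
         "off": "off", "false": "off", "no": "off", "0": "off"}

def parse_conf(text):
    """Return {name: value}; names are case-insensitive, the last entry wins."""
    settings = {}
    for line in text.splitlines():
        m = _LINE.match(line)
        if not m:
            continue  # blank line, comment-only line, or unsupported syntax
        name, value = m.group(1).lower(), m.group(2)
        if value.startswith("'"):
            value = value[1:-1].replace("''", "'")  # unquote, undouble quotes
        settings[name] = value
    return settings

def audit_gaps(text, required=REQUIRED):
    """Return (name, expected, actual) for each required setting not in effect."""
    actual = parse_conf(text)
    gaps = []
    for name, want in required.items():
        got = actual.get(name)
        norm = _BOOL.get(got.lower(), got.lower()) if got is not None else None
        if norm != want:
            gaps.append((name, want, got))
    return gaps

# Constructed sample override file (not from the ticket).
SAMPLE = """\
#log_statement = 'none'
logging_collector = on
log_statement = 'all'      # every statement
Log_Connections true
log_statement = 'ddl'      # later duplicate silently replaces 'all'
"""

if __name__ == "__main__":
    for name, want, got in audit_gaps(SAMPLE):
        print(f"{name}: expected {want!r}, effective {got!r}")
```

This only validates the file's contents; running `SHOW log_statement;` against the live database confirms that the mounted file is the one the server actually loaded.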
Issue Type
discovery (Default)