RDS for PostgreSQL database log files
RDS for PostgreSQL logs database activities to the default PostgreSQL log file. For
an on-premises PostgreSQL DB instance, these messages are stored locally in
log/postgresql.log. For
an RDS for PostgreSQL DB instance, the log file is
available on the Amazon RDS instance. Also, you must use the Amazon RDS Console
to view or download its contents. The default logging level captures login failures, fatal
server errors, deadlocks, and query failures.
For more information about how you can view, download, and
watch file-based database logs, see Monitoring Amazon RDS log files.
To learn more about PostgreSQL logs, see Working with
Amazon RDS and Aurora PostgreSQL logs: Part 1
In addition to the standard PostgreSQL logs discussed in this topic,
RDS for PostgreSQL
also supports the PostgreSQL Audit extension (pgAudit). Most regulated industries and government
agencies need to maintain an audit log or audit trail of changes made to data to comply with legal requirements.
For information about installing and using pgAudit, see Using pgAudit to log database activity.
Topics
Publishing PostgreSQL logs to Amazon CloudWatch Logs
To store your PostgreSQL log records in highly durable storage, you can use Amazon CloudWatch Logs. With
CloudWatch Logs, you can also perform real-time analysis of log data and use CloudWatch to view metrics
and create alarms. For example, if you set log_statement to
ddl, you can set up an alarm to alert you whenever a DDL statement is
executed. You can choose to have your PostgreSQL logs uploaded to CloudWatch Logs during the process of creating your
RDS for PostgreSQL DB instance. If you chose not to upload logs at that time, you can later
modify your instance to start uploading logs from that point forward. In other words,
existing logs aren't uploaded. Only new logs are uploaded as they're created
on your modified RDS for PostgreSQL DB instance.
All currently available RDS for PostgreSQL versions support publishing log files to CloudWatch Logs. For more information, see Amazon RDS for PostgreSQL updates in the Amazon RDS for PostgreSQL Release Notes..
To work with CloudWatch Logs, configure your RDS for PostgreSQL DB instance to publish log data to a log group.
You can publish the following log types to CloudWatch Logs for RDS for PostgreSQL:
-
Postgresql log
-
Upgrade log
After you complete the configuration, Amazon RDS publishes the log events to log streams within a
CloudWatch log group. For example, the PostgreSQL log data is stored within the log group
/aws/rds/instance/.
To view your logs, open the CloudWatch console at
https://console.aws.amazon.com/cloudwatch/my_instance/postgresql
To publish PostgreSQL logs to CloudWatch Logs using the console
Open the Amazon RDS console at https://console.aws.amazon.com/rds/
. -
In the navigation pane, choose Databases.
-
Choose the DB instance that you want to modify, and then choose Modify.
-
In the Log exports section, choose the logs that you want to start publishing to CloudWatch Logs.
The Log exports section is available only for PostgreSQL versions that support publishing to CloudWatch Logs.
-
Choose Continue, and then choose Modify DB Instance on the summary page.
You can publish PostgreSQL logs with the AWS CLI. You can call the modify-db-instance command with the following
parameters.
-
--db-instance-identifier -
--cloudwatch-logs-export-configuration
Note
A change to the --cloudwatch-logs-export-configuration option is always applied to the DB instance
immediately. Therefore, the --apply-immediately and --no-apply-immediately options have no effect.
You can also publish PostgreSQL logs by calling the following CLI commands:
Run one of these CLI commands with the following options:
-
--db-instance-identifier -
--enable-cloudwatch-logs-exports -
--db-instance-class -
--engine
Other options might be required depending on the CLI command you run.
Example Modify an instance to publish logs to CloudWatch Logs
The following example modifies an existing PostgreSQL DB instance to publish log files to
CloudWatch Logs. The --cloudwatch-logs-export-configuration value is a
JSON object. The key for this object is EnableLogTypes, and its
value is an array of strings with any combination of postgresql
and upgrade.
For Linux, macOS, or Unix:
aws rds modify-db-instance \ --db-instance-identifiermydbinstance\ --cloudwatch-logs-export-configuration '{"EnableLogTypes":["postgresql", "upgrade"]}'
For Windows:
aws rds modify-db-instance ^ --db-instance-identifiermydbinstance^ --cloudwatch-logs-export-configuration '{"EnableLogTypes":["postgresql","upgrade"]}'
Example Create an instance to publish logs to CloudWatch Logs
The following example creates a PostgreSQL DB instance and publishes log files to CloudWatch Logs.
The --enable-cloudwatch-logs-exports value is a JSON array of
strings. The strings can be any combination of postgresql and
upgrade.
For Linux, macOS, or Unix:
aws rds create-db-instance \ --db-instance-identifiermydbinstance\ --enable-cloudwatch-logs-exports '["postgresql","upgrade"]' \ --db-instance-classdb.m4.large\ --enginepostgres
For Windows:
aws rds create-db-instance ^ --db-instance-identifiermydbinstance^ --enable-cloudwatch-logs-exports '["postgresql","upgrade"]' ^ --db-instance-classdb.m4.large^ --enginepostgres
You can publish PostgreSQL logs with the RDS API. You can call the ModifyDBInstance action with the following parameters:
-
DBInstanceIdentifier -
CloudwatchLogsExportConfiguration
Note
A change to the CloudwatchLogsExportConfiguration parameter is always applied to the DB instance
immediately. Therefore, the ApplyImmediately parameter has no effect.
You can also publish PostgreSQL logs by calling the following RDS API operations:
Run one of these RDS API operations with the following parameters:
-
DBInstanceIdentifier -
EnableCloudwatchLogsExports -
Engine -
DBInstanceClass
Other parameters might be required depending on the operation that you run.
