Skip to content

Commit 437435b

Browse files
sdudoladovSergey Dudoladov
sdudoladov
and
Sergey Dudoladov
authored
Make logging configurable (#15)
Fix the bug with the auth_mon_lock released twice Introduce GUC variable to manage locking Co-authored-by: Sergey Dudoladov <[email protected]>
1 parent a62b197 commit 437435b

File tree

2 files changed

+26
-2
lines changed

2 files changed

+26
-2
lines changed

Diff for: README.md

+3
Original file line numberDiff line numberDiff line change
@@ -17,6 +17,9 @@ Once we have spot a suspicious activity, we may dig
1717
deeper by using this information along with the log file to identify the
1818
particular IP address etc.
1919

20+
## List of available GUC variables:
21+
22+
`pg_auth_mon.log_period` = 60 # dump pg_auth_mon content to Postgres log every 60 minutes (default: 0 meaning the feature is off)
2023

2124
## How to build and install:
2225

Diff for: pg_auth_mon.c

+23-2
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@
2626
#include "utils/tuplestore.h"
2727
#include "utils/timestamp.h"
2828
#include "utils/acl.h"
29+
#include "utils/guc.h"
2930
#include "catalog/pg_authid.h"
3031
#include "funcapi.h"
3132
#include "c.h"
@@ -41,6 +42,9 @@ PG_MODULE_MAGIC;
4142
extern void _PG_init(void);
4243
extern void _PG_fini(void);
4344

45+
/* GUC variables */
46+
static int log_period_guc = 0;
47+
4448
/* Number of output arguments (columns) for various API versions */
4549
#define PG_AUTH_MON_COLS_V1_0 6
4650
#define PG_AUTH_MON_COLS_V1_1 7
@@ -122,6 +126,19 @@ _PG_init(void)
122126

123127
original_client_auth_hook = ClientAuthentication_hook;
124128
ClientAuthentication_hook = auth_monitor;
129+
130+
DefineCustomIntVariable("pg_auth_mon.log_period",
131+
"Duration between logging pg_auth_mon data to PG log (in minutes).",
132+
NULL,
133+
&log_period_guc,
134+
0, // 0 means the feature is off
135+
0,
136+
10080, // one week
137+
PGC_SIGHUP,
138+
GUC_UNIT_MIN,
139+
NULL,
140+
NULL,
141+
NULL);
125142
}
126143

127144
/*
@@ -232,7 +249,7 @@ auth_monitor(Port *port, int status)
232249
hba_reject = false,
233250
fail = false;
234251

235-
int waittime = 1000 * 60 * 60 * 24; // log at most once in an day
252+
int waittime_msec;
236253
TimestampTz now = GetCurrentTimestamp();
237254

238255
/*
@@ -308,10 +325,14 @@ auth_monitor(Port *port, int status)
308325
fai->last_successful_login_at = GetCurrentTimestamp();
309326
}
310327

311-
if ((TimestampDifferenceExceeds(*last_log_timestamp, now, waittime))) {
328+
waittime_msec = 1000 * 60 * log_period_guc;
329+
if (waittime_msec > 0 && (TimestampDifferenceExceeds(*last_log_timestamp, now, waittime_msec)))
330+
{
312331
*last_log_timestamp = now;
313332
LWLockRelease(auth_mon_lock);
314333
log_pg_auth_mon_data();
334+
// prevent double-release of auth_mon_lock
335+
return;
315336
}
316337

317338
LWLockRelease(auth_mon_lock);

0 commit comments

Comments
 (0)