On 2/28/19 10:13 AM, Christoph Berg wrote:
> Re: Magnus Hagander 2016-04-13
> <cabuevezq8_nsq7fwe0-fboak8s2ynn-pkfsamfevy2-d3dr...@mail.gmail.com>
>>>>>> It's fairly common to see a lot of "Incomplete startup packet" in the
>>>>>> logfiles caused by monitoring or healthcheck connections.
>>>>> I've also seen it caused by port scanning.
>>>> Yes, definitely. Question there might be if that's actually a case when
>>> we
>>>> *want* that logging?
>>> I should think someone might. But I doubt we want to introduce another
>>> GUC for this. Would it be okay to downgrade the message to DEBUG1 if
>>> zero bytes were received?
>>>
>>>
>> Yeah, that was my suggestion - I think that's a reasonable compromise. And
>> yes, I agree that a separate GUC for it would be a huge overkill.
> There have been numerous complaints about that log message, and the
> usual reply is always something like what Pavel said recently:
>
> "It is garbage. Usually it means nothing, but better to work live
> without this garbage." [1]
>
> [1]
> https://www.postgresql.org/message-id/CAFj8pRDtwsxj63%3DLaWSwA8u7NrU9k9%2BdJtz2gB_0f4SxCM1sQA%40mail.gmail.com
>
> Let's get rid of it.
Right. This has annoyed me and a great many other people for years. I
think Robert Haas' argument 3 years ago (!) was on point, and disposes
of suggestions to keep it:
3. The right way to detect attacks is through OS-level monitoring or
firewall-level monitoring, and nothing we do in PG is going to come
close to the same value.
So I propose shortly to commit this patch unconditionally demoting the
message to DEBUG1.
cheers
andrew
--
Andrew Dunstan https://www.2ndQuadrant.com
PostgreSQL Development, 24x7 Support, Remote DBA, Training & Services
