patternsqlMinor
What does "connection matched" in PostgreSQL logs mean?
Viewed 0 times
postgresqlmatchedwhatlogsmeandoesconnection
Problem
I have this in the logs of a postgres instance:
```
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:20:02.277 UTC [78602] FATAL: password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] FATAL: password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:45.448 UTC [79517] FATAL: password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:01:53.432 UTC [80321] FATAL: password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:22:44.231 UTC [81197] FATAL: password authentication failed for user "postgres"
2021-11-20 07:22:44.231 UTC [81197] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:25:30.380 UTC [81317] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:43:48.611 UTC [82115] FATAL: password authentication failed for user "postgres"
2021-11-20 07:43:48.611 UTC [82115] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:47:12.673 UTC [82233] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:47:12.673 UTC [82233] DETAIL: Role "pgsql" does not exis
```
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:20:02.277 UTC [78602] FATAL: password authentication failed for user "postgres"
2021-11-20 06:20:02.277 UTC [78602] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:05.211 UTC [79412] FATAL: password authentication failed for user "postgres"
2021-11-20 06:41:05.211 UTC [79412] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 06:41:45.448 UTC [79517] FATAL: password authentication failed for user "pgsql"
2021-11-20 06:41:45.448 UTC [79517] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:01:53.432 UTC [80321] FATAL: password authentication failed for user "postgres"
2021-11-20 07:01:53.432 UTC [80321] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:22:44.231 UTC [81197] FATAL: password authentication failed for user "postgres"
2021-11-20 07:22:44.231 UTC [81197] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:25:30.380 UTC [81317] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:25:30.380 UTC [81317] DETAIL: Role "pgsql" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:43:48.611 UTC [82115] FATAL: password authentication failed for user "postgres"
2021-11-20 07:43:48.611 UTC [82115] DETAIL: Role "postgres" does not exist.
Connection matched pg_hba.conf line 100: "host all all all scram-sha-256"
2021-11-20 07:47:12.673 UTC [82233] FATAL: password authentication failed for user "pgsql"
2021-11-20 07:47:12.673 UTC [82233] DETAIL: Role "pgsql" does not exis
Solution
I cannot tell you who tries to log in, but you could add
“Connection matched pg_hba.conf line 100” means that the incoming connection matched that
I recommend using less generic
%h to log_line_prefix to see the client address.“Connection matched pg_hba.conf line 100” means that the incoming connection matched that
pg_hba.conf line (which is no surprise, since it contains all wildcards), and as a consequence, scram-sha-256 password authentication was attempted (and failed).I recommend using less generic
pg_hba.conf entries, so that attackers have less chance to intrude with a guessed password.Context
StackExchange Database Administrators Q#302911, answer score: 2
Revisions (0)
No revisions yet.