PGSQLServerLogs 表的查询

2025-09-15

有关在 Azure 门户中使用这些查询的信息，请参阅 Log Analytics 教程。有关 REST API，请参阅查询。

错误消息

显示 PostgreSQL 日志中的所有错误消息。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where ErrorLevel =~ "ERROR"
| order by TimeGenerated desc 
| take 100

致命消息

显示 PostgreSQL 日志中的所有致命消息。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where ErrorLevel =~ "FATAL"
| order by TimeGenerated desc 
| take 100

检测死锁

在 PostgreSQL 日志中搜索死锁事件。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "deadlock detected"
| order by TimeGenerated desc 
| take 100

服务器重启

在 PostgreSQL 日志中搜索服务器关闭和服务器就绪事件。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "database system was shut down" or Message has "database system is ready to accept"
| order by TimeGenerated asc
| take 100

收到的连接数

在 PostgreSQL 日志中搜索收到的连接消息。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "connection received"
| extend allmatches=extract_all(@'host=(.+)port=(.+)', Message)
| project TimeGenerated, host=allmatches[0][0], port=allmatches[0][1], Message,ProcessId,ErrorLevel, SqlErrorCode
| order by TimeGenerated desc 
| take 100

已授权的连接

在 PostgreSQL 日志中搜索已授权的连接消息。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "connection authorized"
| extend allmatches=extract_all(@'user=(.+)database=(.\S+)', Message)
| project TimeGenerated, user=trim(@" ",tostring(allmatches[0][0])), database=allmatches[0][1], Message,ProcessId,ErrorLevel, SqlErrorCode
| where  ['user'] !='azuresu' //exclude Azure managed superuser
| order by TimeGenerated desc 
| take 100

连接失败

在 PostgreSQL 日志中搜索未经授权的（失败）连接。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "authentication failed" or SqlErrorCode in ('28000', '28P01', '3D000', '53300', '42501','08P01')
| where ErrorLevel =~'FATAL'
| order by TimeGenerated desc 
| take 100

锁定争用

在 PostgreSQL 日志中搜索锁争用。它需要参数 log_lock_waits=ON。

// To create an alert for this query, click '+ New alert rule'
PGSQLServerLogs
| where Message has "still waiting for"
| order by TimeGenerated desc 
| take 100

Autovacuum 事件

在 PostgreSQL 日志中搜索 autovacuum 事件。它需要启用参数“log_autovacuum_min_duration”。

PGSQLServerLogs
| where Message has "vacuum of table"
| order by TimeGenerated desc 
| take 100

审核日志

搜索 PostgreSQL 日志中的所有审核事件。它要求启用审核日志 [https://learn.microsoft.com/azure/postgresql/flexible-server/concepts-audit]。

PGSQLServerLogs
| where Message contains "AUDIT:"
| order by TimeGenerated desc 
| take 100

通过