Inactive HBA lines (beta)

Identifying inactive lines in a PostgreSQL HBA file (pg_hba.conf) can be quite challenging. Imagine your HBA file contains 100 lines added over the past five years: how do you find obsolete or unused entries?

This task is not straightforward in PostgreSQL. To address this issue, we've released a new feature that scans a given HBA file to identify all inactive HBA lines.

Below are some of the cases covered so far:

Address field

  • all matches all IP addresses

  • 0.0.0.0/0 represents all IPv4 addresses

  • ::0/0 represents all IPv6 addresses

  • Single host, with a mask length of 32 for IPv4 or 128 for IPv6

  • Subnet specifications

  • More...

User field

  • all matches all users

  • role: also matches any member of that role

  • Multiple user names can be supplied, separated by commas

  • A list of users can be supplied using the @ option

Database field

  • all

  • Database name is the same as the user name

  • Multiple database names can be supplied (comma separated)

  • A separate file containing database names can be supplied with @

Warning: This is a beta version. Please perform additional validation before you remove unused HBA lines in production.
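The field rules listed above can be seen working together in a short sketch, added here as an example and not taken from ciscollector's own code. It relies on PostgreSQL's rule that the first matching HBA line is the one used, so a line counts as unused when no observed connection reaches it first. The sample HBA content and connection tuples are constructed, the function names are hypothetical, and role membership and @ file lookups are left out because they need catalog or file access.

```python
import ipaddress

# Constructed sample pg_hba.conf content (not from the original page).
HBA = """\
# TYPE  DATABASE      USER          ADDRESS          METHOD
host    all           all           10.0.0.5/32      scram-sha-256
host    sales,hr      app_rw,app_ro 10.0.0.0/24      scram-sha-256
host    sameuser      all           192.168.1.0/24   md5
host    all           all           ::0/0            scram-sha-256
host    reports       analyst       all              scram-sha-256
"""

# Constructed (user, database, client address) tuples, standing in for
# connection entries already extracted from the server log.
CONNECTIONS = [
    ("app_rw", "sales", "10.0.0.17"),
    ("alice", "alice", "192.168.1.20"),
    ("bob", "inventory", "2001:db8::7"),
]

def parse_hba(text):
    """Return (line_no, database, user, address) for each 'host' rule."""
    rules = []
    for no, line in enumerate(text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 5 and fields[0] == "host":
            rules.append((no, fields[1], fields[2], fields[3]))
    return rules

def rule_matches(rule, user, db, ip):
    _, r_db, r_user, r_addr = rule
    dbs, users = r_db.split(","), r_user.split(",")
    db_ok = "all" in dbs or db in dbs or ("sameuser" in dbs and db == user)
    user_ok = "all" in users or user in users
    addr = ipaddress.ip_address(ip)
    # 'all' covers every address; otherwise the client must be inside the CIDR block.
    addr_ok = r_addr == "all" or addr in ipaddress.ip_network(r_addr, strict=False)
    return db_ok and user_ok and addr_ok

def unused_lines(hba_text, connections):
    """Line numbers of rules that were never the first match for any connection."""
    rules = parse_hba(hba_text)
    hit = set()
    for user, db, ip in connections:
        first = next((r for r in rules if rule_matches(r, user, db, ip)), None)
        if first:
            hit.add(first[0])
    return [r[0] for r in rules if r[0] not in hit]
```

With the constructed data, lines 2 and 6 are reported. Line 6 stays unused even when analyst connects to reports over IPv6, because the broader ::0/0 rule on line 5 matches first.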

How to execute this via the command line on my machine?

Below are some examples for your reference:

        ciscollector --logparser unused_lines --file-path /location/to/log/file.log --begin-time "2021-01-01 00:00:00" --end-time "2021-01-01 23:59:59" --prefix <logline prefix> --hba-file /location/to/pg_hba.conf

        ciscollector --logparser unused_lines --file-path /location/to/log/file.log --prefix <logline prefix> --hba-file /location/to/pg_hba.conf

        ciscollector --logparser unused_lines --file-path /location/to/log/*.log --begin-time "2021-01-01 00:00:00" --end-time "2021-01-01 23:59:59" --prefix <logline prefix> --hba-file /location/to/pg_hba.conf

        ciscollector --logparser unused_lines --file-path /location/to/log/*.log --prefix <logline prefix> --hba-file /location/to/pg_hba.conf

How to execute this interactively on my machine?

Run "ciscollector -r" and pick option 6 for HBA unused lines. You need to supply your log file location, HBA file location, log_line_prefix and other details, as depicted in the screenshot below.

NOTE: Scanning a large number of files may take a considerable amount of time. To expedite the process, narrow your search to a specific time range or use wildcards to target a subset of log files.

Warning: This is a beta version. Please perform additional validation before you remove unused HBA lines in production.
