Use > Database > Deploying the PostgreSQL Server Database > PostgreSQL Server Configuration > How to Configure PostgreSQL on Probe to Accept Local Connections Only

How to Configure PostgreSQL on Probe to Accept Local Connections Only

By default the PostgreSQL instance running on the probe does not need to listen to requests from the network. However, you can perform this additional configuration to bind the PostgreSQL instance on the probe to localhost.

To do so,

  1. On the probe, open the following file using a text editor:

    UCMDB\DataFlowProbe\conf\postgresql.conf

  2. Locate and modify the following file from:

    listen_addresses = '*'

    to:

    listen_addresses = 'localhost'
  3. Save the file.

  4. Restart the probe.

    To restart the probe properly,

    1. Open services.msc.
    2. Stop the UCMDB Probe service.
    3. Stop the UCMDB_Probe_DB service.
    4. Start the UCMDB_Probe_DB service.
    5. Start the UCMDB Probe service.

How to Validate If the PostgreSQL Instance Is Listening Only to Localhost?

Validate from a remote PostgreSQL server

To validate that the change to the postgresql.conf file is taking effect successfully, you can run the following PostgreSQL client command from a remote server with PostgreSQL installed:

Note: Do not run the command below from the same machine where the probe is installed.

psql --username="mamuser" --host=<Target DataFlowProbe Host or IP>

When PostgreSQL is listening only to localhost, you will receive a "Connection refused" message.

Example outputs:

PostgreSQL listening to localhost:

C:\UCMDB\DataFlowProbe\pgsql\bin>psql --username="mamuser" --host=10.10.15.220
psql: could not connect to server: Connection refused (0x0000274D/10061)
Is the server running on host "10.10.15.220" and accepting
TCP/IP connections on port 5432?

PostgreSQL listening to any host (known as “*” in the postgressql.conf file):

C:\UCMDB\DataFlowProbe\pgsql\bin>psql --username="mamuser" --host=10.10.15.220
psql: FATAL:  no pg_hba.conf entry for host "10.10.20.254", user "mamuser", database "mamuser", SSL off

The FATAL error indicates simply that the pg_hba.conf file is not properly set up, but for the purpose of this test it is sufficient to understand that the connection was successful from a remote host. This would indicate the change to listen_addresses in postgresql.conf was NOT applied properly per the instructions above. Please check those steps again.

Validate using Telnet

If you do not have another PostgresSQL system with psql installed, you can try to Telnet to the PostgresSQL port from a different computer to confirm if the change was applied correctly:

  1. Install Telnet.

    1. Go to Start > Control Panel > Turn Windows features on or off.

      The Windows Features dialog opens.

    2. Select the check box for Telnet Client.
    3. Click OK.
  2. Test connection.

    1. Open the Command Prompt window by going to Start > Run > cmd and clicking OK.
    2. From the Command Prompt window, run the following:

      telnet <target host/IP and port>

      For example, telnet 10.10.15.220 5432.

    If you receive a message like: “telnet: connect to address <address you specified>: Connection refused”, it indicates that PostgresSQL is properly configured to refuse remote connections.