Every transaction that modifies your database leaves a trace in the Write-Ahead Log (WAL). Under normal operation, these logs are temporary—the database recycles old log segments once checkpoint processing confirms the changes are safely written to data files. But for Point-in-Time Recovery, those 'temporary' logs are the only bridge between your last backup and any recovery target.

Log archiving is the process of preserving that bridge.

Without proper log archiving, PITR capability exists only in theory. The moment a log segment is recycled before archiving, a gap appears in your recovery timeline—a permanent blind spot where the database's history is lost forever.

This page examines log archiving comprehensively: how it works, what can go wrong, how to monitor it, and the operational practices that ensure your PITR capability remains intact through the daily operation of your database systems.

Before we can properly configure log archiving, we must understand the complete lifecycle of Write-Ahead Log segments. This lifecycle determines when archiving must occur and what happens if it doesn't.

The Stages of WAL Segment Life

WAL segments progress through several distinct stages:

1. Creation (Allocation) When the current WAL segment fills up, the database allocates a new segment. This may involve:

• Pre-allocating segments during low-activity periods (proactive allocation)
• Immediate allocation when needed (reactive allocation)
• Recycling an old segment by renaming it (most common)

2. Active Writing The segment receives new log records as transactions execute:

• Each log record receives a unique LSN
• Records are first written to the WAL buffer in memory
• Periodic or triggered flushes write buffer contents to disk
• The wal_sync_method parameter controls durability guarantees

3. Full Status When a segment reaches capacity:

• The segment is marked as complete
• A new segment is opened for writing
• The full segment enters the archival queue (if archiving is enabled)

4. Archival Pending The complete segment waits for archive processing:

• The archive process copies the segment to archive storage
• The segment is marked as archived only after successful copy
• This is the critical window—the segment must not be recycled before confirmation

5. Archived and Retained After successful archival:

• The segment is marked as ready for recycling
• The database may retain the segment for streaming replication
• Eventually, the segment is recycled for new log content

6. Recycled The physical file is reassigned a new name and reused:

• Old content is overwritten
• The segment re-enters the creation stage
• If the segment was not archived, its contents are permanently lost

Proper archive configuration is foundational to reliable PITR. The specific parameters vary by database system, but the concepts are universal. We'll use PostgreSQL's terminology as a reference model, then map to other systems.

Core Archive Parameters

archive_mode

Controls whether WAL archiving is enabled:

• off: No archiving (default)
• on: Enable archiving
• always: Enable archiving even on standby servers

-- Enable archiving (requires restart)
alter system set archive_mode = 'on';

archive_command

The shell command executed to archive each WAL segment:

• %p — Path to the WAL segment to archive
• %f — Filename of the WAL segment

-- Basic local archive
alter system set archive_command = 
  'cp %p /archive/wal/%f';

-- Archive to S3 with compression
alter system set archive_command = 
  'gzip -c %p | aws s3 cp - s3://db-archive/wal/%f.gz';

-- Archive with verification
alter system set archive_command = 
  'test ! -f /archive/wal/%f && cp %p /archive/wal/%f';

archive_timeout

Forces an archive switch even if the current segment isn't full:

• Prevents long gaps in archive coverage during low-activity periods
• Creates a maximum RPO for idle databases

-- Archive at least every 5 minutes
alter system set archive_timeout = '300s';

Critical Archive Command Requirements

The archive command must satisfy specific requirements to ensure reliable operation:

1. Atomic Success/Failure The command must exit with status 0 only if the archive succeeded completely. Any non-zero exit prevents recycling of the segment.

2. Idempotency The command must succeed if called multiple times for the same file (the segment may already exist in the archive from a previous interrupted attempt).

3. Verification The command should verify the archived copy is complete and uncorrupted before exiting successfully.

4. Destination Check The command should fail if the destination is unreachable, full, or experiencing issues.

5. No Modification of Source The command must not modify or delete the source WAL file.

6. Reasonable Timeout The command should complete in reasonable time (usually seconds). Long-running commands block archival of subsequent segments.

The choice of archive storage profoundly impacts PITR reliability, recovery speed, and total cost of ownership. A well-designed archive strategy typically combines multiple storage tiers to balance these factors.

The Tiered Archive Architecture

Enterprise deployments commonly implement multiple storage tiers:

Hot Tier (Recent Archives)

• Storage: Local SSD or NVMe
• Retention: Last 24-72 hours of archives
• Purpose: Fast recovery for recent incidents
• Access: Immediate (milliseconds)

Warm Tier (Recent History)

• Storage: Network storage, local HDD, or standard object storage
• Retention: 7-30 days
• Purpose: Operational recovery, typical PITR scenarios
• Access: Fast (seconds)

Cold Tier (Long-term Archive)

• Storage: Infrequent-access object storage, tape
• Retention: Months to years (compliance driven)
• Purpose: Compliance, disaster recovery, historical analysis
• Access: Slow (minutes to hours)

Offsite Tier (Disaster Recovery)

• Storage: Geographically separate location
• Retention: Mirrors warm/cold tier policies
• Purpose: DR capability, regional disaster resilience
• Access: Variable (depends on DR tier selection)

Compression Strategies

WAL files compress effectively—typical compression ratios range from 3:1 to 10:1 depending on workload. Compression strategies must balance storage savings against recovery speed:

Inline Compression

Compress during archival:

archive_command = 'gzip -c %p > /archive/%f.gz'

• Pro: Immediate storage savings
• Pro: Network transfer reduction for remote archives
• Con: Decompression time during recovery
• Con: CPU overhead during archival

Deferred Compression

Archive uncompressed, compress later:

• Pro: Fastest archival (no CPU overhead)
• Pro: Recent files ready for immediate recovery
• Con: Higher short-term storage costs
• Con: Requires background compression process

Compression Algorithm Selection

Encryption Considerations

Archived WAL files contain complete transaction data—including all inserted, updated, and deleted values. Encryption is essential for:

• Compliance requirements (GDPR, HIPAA, PCI-DSS)
• Protection of data at rest
• Defense against archive storage compromise

Encryption Approaches:

1. Storage-Level Encryption

• Provider-managed keys or customer-managed keys
• Transparent to archival process
• Example: S3 Server-Side Encryption (SSE-KMS)

2. Client-Side Encryption

• Encrypt before sending to archive
• Full control over key management
• Example: gpg -e -r backup@company.com %f

3. Database-Native Encryption

• Some databases support encrypted WAL
• Unified key management with data encryption
• Example: PostgreSQL pgcrypto extensions

Key Management Requirements:

• Keys must be available during recovery (not just backup)
• Key rotation must not render old archives unrecoverable
• DR procedures must include key recovery

Traditional segment-based archiving introduces latency between transaction commit and archival. For systems requiring near-zero RPO, continuous archiving mechanisms stream changes in real-time.

Segment-Based vs. Continuous Archiving

Segment-Based Archiving

The traditional model archives complete segments:

1. Transactions write to current WAL segment
2. Segment fills up (typically 16MB in PostgreSQL)
3. Archive command executes for complete segment
4. Segment copied to archive storage

RPO Implication: Maximum data loss = segment size worth of transactions

With a 16MB segment and high-throughput database, this might be seconds. With a low-activity database, a segment might take hours to fill.

Continuous (Streaming) Archiving

Alternative approach streams WAL records continuously:

1. Transactions write to WAL
2. Each WAL record (or small batch) sent to archive receiver
3. Archive receiver persists records immediately
4. RPO approaches zero (limited only by transmission latency)

Implementation Methods:

• WAL Streaming Protocol: PostgreSQL's replication protocol can stream to archive servers
• Change Data Capture: CDC systems capture and archive changes in real-time
• Log Shipping with Partial Segments: Archive current incomplete segment periodically

PostgreSQL pg_receivewal

PostgreSQL provides pg_receivewal for streaming archive reception:

# Basic streaming archive
pg_receivewal -h primary-db -U replication -D /archive/wal \
  --synchronous --create-slot --slot=archive_receiver

# With compression
pg_receivewal -h primary-db -U replication -D /archive/wal \
  --compress=zstd:3 --synchronous

Advantages of pg_receivewal:

• Near-zero RPO (streams individual WAL records)
• Automatic slot management prevents premature WAL removal
• Native PostgreSQL support, well-tested

Considerations:

• Requires dedicated process per primary
• Network connectivity to primary required
• Slot management overhead on primary

Archive failures can silently accumulate, creating PITR gaps that aren't discovered until a recovery is attempted. Proactive monitoring is essential for maintaining PITR capability.

Key Archive Metrics

1. Archive Lag

The delay between WAL generation and archival:

-- PostgreSQL: Check archive lag
SELECT 
    pg_walfile_name(pg_current_wal_lsn()) AS current_wal,
    last_archived_wal,
    pg_wal_lsn_diff(
        pg_current_wal_lsn(), 
        (last_archived_wal || '000000')::pg_lsn
    ) / 1024 / 1024 AS lag_mb,
    last_archived_time,
    now() - last_archived_time AS time_since_last_archive
FROM pg_stat_archiver;

Alert Thresholds:

• Warning: Lag > 10 segments or > 5 minutes
• Critical: Lag > 50 segments or > 30 minutes

2. Archive Failure Count

-- PostgreSQL: Check recent archive failures
SELECT 
    failed_count,
    last_failed_wal,
    last_failed_time
FROM pg_stat_archiver;

Alert Thresholds:

• Warning: Any failures in the last hour
• Critical: Failed count increasing or last failure < 5 minutes ago

3. Archive Storage Capacity

Monitor archive destination for space:

# Local archive storage
df -h /archive/wal

# S3 bucket size (via CloudWatch or CLI)
aws s3 ls s3://db-archive/wal/ --summarize

Alert Thresholds:

• Warning: < 20% free space
• Critical: < 5% free space

Archive Integrity Verification

Beyond monitoring active archival, periodic verification ensures archive integrity:

1. Sequence Continuity Check

Verify no gaps exist in the WAL sequence:

#!/bin/bash
# Verify WAL archive sequence continuity
ARCHIVE_DIR="/archive/wal"

prev_segment=""
for file in $(ls -1 $ARCHIVE_DIR/0000*.gz | sort); do
    segment=$(basename $file .gz)
    if [ -n "$prev_segment" ]; then
        expected=$(pg_waldiff $prev_segment)
        if [ "$segment" != "$expected" ]; then
            echo "GAP DETECTED: Expected $expected after $prev_segment, found $segment"
            exit 1
        fi
    fi
    prev_segment=$segment
done
echo "Archive sequence verified: no gaps"

2. Archive Checksum Verification

# Verify archive checksums
for file in /archive/wal/*.gz; do
    gunzip -t "$file" 2>/dev/null || echo "CORRUPT: $file"
done

3. Sample Restore Testing

Periodic end-to-end recovery tests:

• Select random historical time point
• Restore base backup + WAL to that point
• Verify database starts and passes consistency checks
• Document recovery time for planning

Archive retention determines how far back in time PITR can reach. Retention policies must balance recovery capability against storage costs and compliance requirements.

Retention Strategy Framework

Recovery Window Retention

Archives needed to support PITR within the operational recovery window:

• Typically 7-30 days for operational systems
• Supports recovery from data corruption, errors, ransomware
• Sized based on maximum acceptable data loss scenario

Compliance Retention

Archives required by regulatory frameworks:

• Financial: 7 years (SOX, SEC Rule 17a-4)
• Healthcare: 6-7 years (HIPAA)
• General: Varies by jurisdiction and industry

Base Backup Correlation

Archives must be retained at least as long as there's a corresponding base backup:

• If monthly backups are kept for 1 year, archives must span 1 year minimum
• Otherwise, older backups become useless (no WAL bridge to recovery target)

Implementing Retention Automation

#!/bin/bash
# WAL archive retention automation script

ARCHIVE_DIR="/archive/wal"
HOT_RETENTION_DAYS=3
WARM_RETENTION_DAYS=30
COLD_RETENTION_DAYS=365

# Get current date for comparison
NOW=$(date +%s)

for archive_file in "$ARCHIVE_DIR"/*.gz; do
    [ -f "$archive_file" ] || continue
    
    # Get file modification time
    FILE_TIME=$(stat -c %Y "$archive_file")
    AGE_DAYS=$(( (NOW - FILE_TIME) / 86400 ))
    
    # Determine action based on age
    if [ $AGE_DAYS -gt $COLD_RETENTION_DAYS ]; then
        # Beyond cold retention: delete
        echo "Deleting expired archive: $archive_file (age: $AGE_DAYS days)"
        rm "$archive_file"
        
    elif [ $AGE_DAYS -gt $WARM_RETENTION_DAYS ]; then
        # Move to cold tier (Glacier)
        BASENAME=$(basename "$archive_file")
        if ! aws s3api head-object --bucket db-archive-cold \
             --key "wal/$BASENAME" 2>/dev/null; then
            echo "Moving to cold tier: $archive_file"
            aws s3 cp "$archive_file" "s3://db-archive-cold/wal/$BASENAME" \
                --storage-class GLACIER
        fi
        
    elif [ $AGE_DAYS -gt $HOT_RETENTION_DAYS ]; then
        # Move to warm tier (S3 Standard-IA)
        BASENAME=$(basename "$archive_file")
        if ! aws s3api head-object --bucket db-archive-warm \
             --key "wal/$BASENAME" 2>/dev/null; then
            echo "Moving to warm tier: $archive_file"
            aws s3 cp "$archive_file" "s3://db-archive-warm/wal/$BASENAME" \
                --storage-class STANDARD_IA
        fi
    fi
done

Even well-configured archive systems encounter problems. Rapid diagnosis and resolution is critical to minimizing PITR gaps.

Common Archive Failures and Solutions

Problem: Archive Command Hangs

Symptoms:

• Archive lag increasing
• No new archives appearing
• Archiver process stuck

Diagnosis:

-- Check archiver status
SELECT * FROM pg_stat_archiver;

-- Check PostgreSQL logs
tail -100 /var/log/postgresql/postgresql-*.log | grep -i archive

Common Causes:

• Network timeout to remote storage
• Archive destination full
• DNS resolution failure
• Storage credential expiration

Resolution:

# Kill stuck archive command
killall -9 "archive_command_process_name"

# PostgreSQL will retry automatically
# Verify with:
SELECT * FROM pg_stat_archiver;

Problem: Archive Destination Full

Symptoms:

• Archive command returning non-zero
• Error messages about disk space

Immediate Actions:

1. Identify and delete old archives (respecting retention rules)
2. Move archives to additional storage
3. Increase archive storage allocation

# Emergency space cleanup (carefully!)
# Only delete archives older than oldest needed backup
find /archive/wal -mtime +30 -name "*.gz" -delete

Problem: Archive Gap Discovered

A gap in the archive sequence renders PITR impossible across that gap.

Discovery:

# List archive sequence to find gaps
ls -1 /archive/wal/ | sort | awk '
    NR==1 {prev=$1; next}
    {
        # Check if current file follows previous
        # (Implementation depends on WAL naming convention)
        if (gap_detected) print "GAP: " prev " -> " $1
        prev=$1
    }
'

Recovery Options:

• If gap is recent: Source files may still exist on database server
• If a standby exists: Standby may have the missing files
• If gap is old: Accept that PITR only works on each side of gap

Log archiving is the often-overlooked foundation of PITR capability. Let's consolidate the key concepts:

What's next:

With the archive foundation established, we'll examine the Recovery Process itself. The next page walks through the complete PITR recovery workflow—from incident detection through recovery target selection, the actual recovery procedure, and post-recovery validation steps that ensure a successful restoration.