diff --git a/cppd_medical_report/app-service-docker.tf b/cppd_medical_report/app-service-docker.tf index c7f68b3..8583a8a 100644 --- a/cppd_medical_report/app-service-docker.tf +++ b/cppd_medical_report/app-service-docker.tf @@ -31,6 +31,15 @@ resource "azurerm_app_service" "app_service" { identity { type = "SystemAssigned" } + + logs { + http_logs { + file_system { + retention_in_days = 7 + retention_in_mb = 100 + } + } + } app_settings = { "DOCKER_ENABLE_CI" = "true" @@ -39,6 +48,7 @@ resource "azurerm_app_service" "app_service" { "DOCKER_REGISTRY_SERVER_PASSWORD" = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.key_vault.vault_uri}secrets/${azurerm_key_vault_secret.docker_password.name}/${azurerm_key_vault_secret.docker_password.version})" "SESSION_ADAPTER" = "@sailshq/connect-redis" "AUTO_MIGRATE_MODE" = "alter" + "LOG_LEVEL" = "verbose" ## Look up from secret "DATABASE_URL" = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.key_vault.vault_uri}secrets/${azurerm_key_vault_secret.pg_connection_string.name}/${azurerm_key_vault_secret.pg_connection_string.version})" "SESSION_ADAPTER_URL" = "@Microsoft.KeyVault(SecretUri=${azurerm_key_vault.key_vault.vault_uri}secrets/${azurerm_key_vault_secret.redis_connection_string.name}/${azurerm_key_vault_secret.redis_connection_string.version})" diff --git a/cppd_medical_report/azure_cache_for_redis.tf b/cppd_medical_report/azure_cache_for_redis.tf index dab37f1..7b25681 100644 --- a/cppd_medical_report/azure_cache_for_redis.tf +++ b/cppd_medical_report/azure_cache_for_redis.tf 
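Review bot: The new `logs` block enables only `http_logs` into the App Service's local file system, so the application's own stdout/stderr — which the `LOG_LEVEL` setting added further down this file makes verbose — is not captured, and unlike the Redis and PostgreSQL resources in this commit the App Service gets no `azurerm_monitor_diagnostic_setting` shipping to the new Log Analytics workspace. Local file-system logs with a 7 day / 100 MB cap are a thin window for reconstructing an incident on a medical-report workload, and they are not queryable alongside the data-store logs. Consider adding an `application_logs { file_system_level = "Information" }` sibling inside `logs` and a diagnostic setting on `azurerm_app_service.app_service.id` covering the HTTP, console, application and audit categories, sketched below; `retention_policy { enabled = false }` is included because older azurerm versions require the block even though it is only meaningful for storage-account destinations. The enclosing `azurerm_app_service` resource starts outside the hunk.
```hcl
resource "azurerm_monitor_diagnostic_setting" "app_diagnostic_settings" {
  name                       = "${local.nameprefix}appdiagnostics"
  target_resource_id         = azurerm_app_service.app_service.id
  log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id

  dynamic "log" {
    for_each = ["AppServiceHTTPLogs", "AppServiceConsoleLogs", "AppServiceAppLogs", "AppServiceAuditLogs"]
    content {
      category = log.value
      enabled  = true
      retention_policy {
        enabled = false
      }
    }
  }
}
```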
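Review bot: `"LOG_LEVEL" = "verbose"` is hard-coded into the production App Service settings of a medical-report application; the `@sailshq/connect-redis` adapter above suggests a Sails app, and at `verbose` its logger emits considerably more request and session detail than `info`, so if any handler logs request bodies or model data this setting will put patient data into the HTTP/file-system logs enabled earlier in this file. Make the level an input with a conservative default, e.g. `"LOG_LEVEL" = var.log_level` backed by `variable "log_level" { default = "info" }`, and add a comment that `verbose`/`silly` are for non-production only. The `app_settings` map starts and ends outside the hunk.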
@@ -13,4 +13,19 @@ resource "azurerm_redis_cache" "session_store" { redis_configuration {} tags = merge(local.common_tags) +} + +resource "azurerm_monitor_diagnostic_setting" "cache_diagnostic_settings" { + name = "${local.nameprefix}cachediagnostics" + target_resource_id = azurerm_redis_cache.session_store.id + log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id + log_analytics_destination_type = "Dedicated" + + metric { + category = "AllMetrics" + retention_policy { + enabled = true + days = 7 + } + } } \ No newline at end of file diff --git a/cppd_medical_report/azure_database_for_postgresql.tf b/cppd_medical_report/azure_database_for_postgresql.tf index 2ee81ff..a2dc092 100644 --- a/cppd_medical_report/azure_database_for_postgresql.tf +++ b/cppd_medical_report/azure_database_for_postgresql.tf 
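Review bot: The `retention_policy { enabled = true days = 7 }` inside `metric` has no effect for this destination: for `azurerm_monitor_diagnostic_setting` the retention policy is only applied when data goes to a storage account, and with `log_analytics_workspace_id` the data is kept for the workspace's `retention_in_days`, which the new `log_analytics` workspace in this commit does not set (so the Azure default of 30 days applies). Drop the block or replace the intent with an explicit `retention_in_days` on the workspace so the documented retention and the real one agree. This setting also captures metrics only — no `log` category is enabled, so nothing about which clients connected to the session store is retained; if the cache tier supports it, add `log { category = "ConnectedClientList" enabled = true }`. Minor: the file now ends without a trailing newline.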
@@ -28,3 +28,73 @@ resource "azurerm_postgresql_database" "postgres" {
 charset = "UTF8"
 collation = "English_United States.1252"
 }
+
+resource "azurerm_monitor_diagnostic_setting" "database_diagnostic_settings" {
+ name = "${local.nameprefix}postgresdiagnostics"
+ target_resource_id = azurerm_postgresql_server.postgres.id
+ log_analytics_workspace_id = azurerm_log_analytics_workspace.log_analytics.id
+ log_analytics_destination_type = "Dedicated"
+
+ metric {
+ category = "AllMetrics"
+ retention_policy {
+ enabled = true
+ days = 7
+ }
+ }
+
+ log {
+ category = "PostgreSQLLogs"
+ enabled = true
+ retention_policy {
+ enabled = true
+ days = 7
+ }
+ }
+
+ log {
+ category = "QueryStoreRuntimeStatistics"
+ enabled = true
+ retention_policy {
+ enabled = true
+ days = 7
+ }
+ }
+
+ log {
+ category = "QueryStoreWaitStatistics"
+ enabled = true
+ retention_policy {
+ enabled = true
+ days = 7
+ }
+ }
+}
+
+resource "azurerm_postgresql_configuration" "db_congif_log_level" {
+ name = "client_min_messages"
+ resource_group_name = azurerm_resource_group.resource_group.name
+ server_name = azurerm_postgresql_server.postgres.name
+ value = "LOG"
+}
+
+resource "azurerm_postgresql_configuration" "db_congif_retention" {
+ name = "log_retention_days"
+ resource_group_name = azurerm_resource_group.resource_group.name
+ server_name = azurerm_postgresql_server.postgres.name
+ value = "7"
+}
+
+resource "azurerm_postgresql_configuration" "db_congif_log_statement" {
+ name = "log_statement"
+ resource_group_name = azurerm_resource_group.resource_group.name
+ server_name = azurerm_postgresql_server.postgres.name
+ value = "ALL"
+}
+
+resource "azurerm_postgresql_configuration" "db_congif_log_duration" {
+ name = "log_duration"
+ resource_group_name = azurerm_resource_group.resource_group.name
+ server_name = azurerm_postgresql_server.postgres.name
+ value = "ON"
+}
\ No newline at end of file
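Review bot: `log_statement = "ALL"` makes the server write every SQL statement, including literal parameter values, into `PostgreSQLLogs`, which this same hunk ships to Log Analytics — for a medical-report database that means patient data and any credential-bearing statements (`ALTER ROLE … PASSWORD`, `CREATE USER …`) land in a log store whose readers are not the database's readers. Prefer `value = "ddl"` (or `"mod"`) and use `log_min_duration_statement` if the goal is slow-query tracing, and confirm with the data owner that statement logging of this schema is permitted at all. Separately, `client_min_messages` controls which messages are sent back to the connected client, not what reaches the server log; `log_min_messages` is the parameter that sets server-log verbosity, so `db_congif_log_level` likely does not do what its name suggests (and `congif` is a typo repeated in all four resource names). The `retention_policy { days = 7 }` blocks are also not honoured for a Log Analytics destination — the workspace's `retention_in_days` governs, and it is not set in this commit.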
diff --git a/cppd_medical_report/azure_key_vault_secrets.tf b/cppd_medical_report/azure_key_vault_secrets.tf
index 8a0ee64..0d0f19f 100644
--- a/cppd_medical_report/azure_key_vault_secrets.tf
+++ b/cppd_medical_report/azure_key_vault_secrets.tf
@@ -42,7 +42,6 @@ resource "azurerm_key_vault_access_policy" "ap_identity" {
 resource "random_password" "postgres_admin" {
 length = 16
 special = true
- override_special = "_%@"
 }
 
 resource "azurerm_key_vault_secret" "pg_admin_pass" {
@@ -53,7 +52,7 @@ resource "azurerm_key_vault_secret" "pg_admin_pass" {
 }
 resource "azurerm_key_vault_secret" "pg_connection_string" {
 name = "postgresconnection"
- value = "postgres://${local.pgadmin_account}@${azurerm_postgresql_database.postgres.name}:${random_password.postgres_admin.result}@${azurerm_postgresql_server.postgres.fqdn}:5432/${azurerm_postgresql_database.postgres.name}"
+ value = "postgres://${local.pgadmin_account}@${azurerm_postgresql_server.postgres.fqdn}:${urlencode(random_password.postgres_admin.result)}@${azurerm_postgresql_server.postgres.fqdn}:5432/${azurerm_postgresql_database.postgres.name}"
 key_vault_id = azurerm_key_vault.key_vault.id
 tags = merge(local.common_tags)
 }
diff --git a/cppd_medical_report/azure_log_analytics.tf b/cppd_medical_report/azure_log_analytics.tf
new file mode 100644
index 0000000..4d247c0
--- /dev/null
+++ b/cppd_medical_report/azure_log_analytics.tf
@@ -0,0 +1,8 @@
+resource "azurerm_log_analytics_workspace" "log_analytics" {
+ name = "${lower(local.nameprefix)}loganalytics"
+ location = azurerm_resource_group.resource_group.location
+ resource_group_name = azurerm_resource_group.resource_group.name
+ sku = "PerGB2018"
+
+ tags = merge(local.common_tags)
+}
\ No newline at end of file
diff --git a/policy/resource_types.rego b/policy/resource_types.rego
index 4c1d9a9..47318f8 100644
--- a/policy/resource_types.rego
+++ b/policy/resource_types.rego
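Review bot: The rebuilt connection string still leaves the userinfo ambiguous: `${local.pgadmin_account}@${azurerm_postgresql_server.postgres.fqdn}` puts a raw `@` inside the user segment, so a URL parser that splits on the first `@` treats the FQDN as the host and the real host:port as the path, and encoding only the password with `urlencode` does not fix that — encode the whole user part, `${urlencode("${local.pgadmin_account}@${azurerm_postgresql_server.postgres.name}")}`. Azure's documented single-server login form is `user@servername` with the short server name, so also verify the gateway accepts the FQDN suffix used here. The URL carries no `?sslmode=require`, so whether credentials and report data cross the wire encrypted depends entirely on the server's `ssl_enforcement` setting, which is not in this diff; appending `?sslmode=require` (or the client's equivalent `ssl=true`) makes the client refuse plaintext regardless. `local.pgadmin_account` is defined outside the hunk.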
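Review bot: The new workspace sets no `retention_in_days`, so it falls back to the Azure default (30 days), while the diagnostic settings elsewhere in this commit declare 7 days in `retention_policy` blocks that do not apply to a Log Analytics destination — neither value is an explicit, reviewed retention for the audit trail of a medical-report system. Set it deliberately, e.g. `retention_in_days = 90`, and add a comment that this is the single place retention is actually enforced for every diagnostic setting pointed at this workspace. With `log_statement = ALL` on PostgreSQL in this same commit, ingestion volume will be high; a `daily_quota_gb` bounds cost but silently drops data once reached, so if one is added size it from observed volume rather than a guess. Minor: the file ends without a trailing newline.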
@@ -5,7 +5,8 @@ import data.terraform_helper as dth name_policy_exempt_types = { "azurerm_postgresql_database", "azurerm_storage_container", - "azurerm_key_vault_secret" + "azurerm_key_vault_secret", + "azurerm_postgresql_configuration" }