grouper-users - [grouper-users] Keeping change logs and audit logs from using too much space
Subject: Grouper Users - Open Discussion List
List archive
- From: Dominique Petitpierre <>
- To: "" <>
- Subject: [grouper-users] Keeping change logs and audit logs from using too much space
- Date: Fri, 06 May 2011 17:48:30 +0200
- Organization: University of Geneva
Hello,
in an installation of Grouper 1.6.3, I am worrying about the space
taken in the database by the change logs and audit logs. The tables
grouper_change_log_entry and grouper_audit_entry and their indexes
are by far the largest consumers of space in the database.
Here are a few questions:
- How does one disable change logs completely? The property
changeLog.enabled=false in the file grouper.properties does not seem
to be sufficient: e.g. when a member is added to a group via the
Grouper UI or the Grouper shell then an entry is anyway inserted in
the table grouper_change_log_entry_temp.
Here is an extract of the config files:
grep '^changeLog.*enable' \
tomcat/webapps/grouper/WEB-INF/classes/grouper.properties \
grouper/conf/grouper.properties \
grouper/conf/grouper-loader.properties
tomcat/webapps/grouper/WEB-INF/classes/grouper.properties:changeLog.enabled
= false
grouper/conf/grouper.properties:changeLog.enabled = false
grouper/conf/grouper-loader.properties:changeLog.enabledDisabled.quartz.cron
= 0 1 0,11,15 * * ?
grouper/conf/grouper-loader.properties:changeLog.changeLogTempToChangeLog.enable
= false
- Is it safe to disable the change logs?
+ In particular, are the audit logs independent of the change logs?
+ Also, beside the custom consumers that could be configured
according to the description in
https://spaces.internet2.edu/display/Grouper/Notifications+(change+log),
is there some core functionality that depends on the change logs?
+ Why are change logs enabled by default?
(cf. grouper.example.properties)
- When change logs are enabled, is there a default mechanism that
periodically delete old entries in the table
grouper_change_log_entry? Something like what happens with the
table grouper_loader_log
(e.g. loaderRunOneJob("MAINTENANCE_cleanLogs") in gsh.sh, and the
property loader.retain.db.logs.days in grouper-loader.properties).
+ Is there a way to know that all configured consumers have
processed a change log entry (and thus it is deletable)?
- Does ldappc or ldappcng provide a consumer for change logs?
There is a hint about it in the section about consumers in
grouper-loader.properties, as comments:
#changeLog.consumer.ldappc.class =
#changeLog.consumer.ldappc.quartzCron =
- Is there a tool to keep audit log size from growing forever?
(The page https://spaces.internet2.edu/display/Grouper/User+auditing
mentions one that is not available yet).
+ Would a simple sql request, deleting audit entries older than
a given age, be enough?
+ On sites that do trim the audit logs, what kind of policies are
used to decide which entries are deleted? (i.e. more complex than
just age).
+ Is there a way to disable auditing selectively (e.g. for
some GrouperLoader groups or gsh.sh batches)?
Any pointers for documents about these topics are welcome!
Best regards,
Dominique Petitpierre
Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch
Division Informatique, University of Geneva, Switzerland
- [grouper-users] Keeping change logs and audit logs from using too much space, Dominique Petitpierre, 05/06/2011
- RE: [grouper-users] Keeping change logs and audit logs from using too much space, Chris Hyzer, 05/06/2011
- RE: [grouper-users] Keeping change logs and audit logs from using too much space, Nathan Kopp, 05/06/2011
- Re: [grouper-users] Keeping change logs and audit logs from using too much space, Dominique Petitpierre, 05/09/2011
- RE: [grouper-users] Keeping change logs and audit logs from using too much space, Chris Hyzer, 05/09/2011
- RE: [grouper-users] Keeping change logs and audit logs from using too much space, Chris Hyzer, 05/06/2011
Archive powered by MHonArc 2.6.16.