Skip to Content.
Sympa Menu

grouper-users - [grouper-users] Keeping change logs and audit logs from using too much space

Subject: Grouper Users - Open Discussion List

List archive

[grouper-users] Keeping change logs and audit logs from using too much space


Chronological Thread 
  • From: Dominique Petitpierre <>
  • To: "" <>
  • Subject: [grouper-users] Keeping change logs and audit logs from using too much space
  • Date: Fri, 06 May 2011 17:48:30 +0200
  • Organization: University of Geneva

Hello,

in an installation of Grouper 1.6.3, I am worrying about the space
taken in the database by the change logs and audit logs. The tables
grouper_change_log_entry and grouper_audit_entry and their indexes
are by far the largest consumers of space in the database.

Here are a few questions:


- How does one disable change logs completely? The property
changeLog.enabled=false in the file grouper.properties does not seem
to be sufficient: e.g. when a member is added to a group via the
Grouper UI or the Grouper shell then an entry is anyway inserted in
the table grouper_change_log_entry_temp.

Here is an extract of the config files:

grep '^changeLog.*enable' \
tomcat/webapps/grouper/WEB-INF/classes/grouper.properties \
grouper/conf/grouper.properties \
grouper/conf/grouper-loader.properties

tomcat/webapps/grouper/WEB-INF/classes/grouper.properties:changeLog.enabled
= false
grouper/conf/grouper.properties:changeLog.enabled = false

grouper/conf/grouper-loader.properties:changeLog.enabledDisabled.quartz.cron
= 0 1 0,11,15 * * ?

grouper/conf/grouper-loader.properties:changeLog.changeLogTempToChangeLog.enable
= false



- Is it safe to disable the change logs?

+ In particular, are the audit logs independent of the change logs?

+ Also, beside the custom consumers that could be configured
according to the description in
https://spaces.internet2.edu/display/Grouper/Notifications+(change+log),
is there some core functionality that depends on the change logs?

+ Why are change logs enabled by default?
(cf. grouper.example.properties)


- When change logs are enabled, is there a default mechanism that
periodically delete old entries in the table
grouper_change_log_entry? Something like what happens with the
table grouper_loader_log
(e.g. loaderRunOneJob("MAINTENANCE_cleanLogs") in gsh.sh, and the
property loader.retain.db.logs.days in grouper-loader.properties).

+ Is there a way to know that all configured consumers have
processed a change log entry (and thus it is deletable)?

- Does ldappc or ldappcng provide a consumer for change logs?
There is a hint about it in the section about consumers in
grouper-loader.properties, as comments:
#changeLog.consumer.ldappc.class =
#changeLog.consumer.ldappc.quartzCron =

- Is there a tool to keep audit log size from growing forever?
(The page https://spaces.internet2.edu/display/Grouper/User+auditing
mentions one that is not available yet).

+ Would a simple sql request, deleting audit entries older than
a given age, be enough?

+ On sites that do trim the audit logs, what kind of policies are
used to decide which entries are deleted? (i.e. more complex than
just age).

+ Is there a way to disable auditing selectively (e.g. for
some GrouperLoader groups or gsh.sh batches)?


Any pointers for documents about these topics are welcome!

Best regards,
Dominique Petitpierre

Mr Dominique Petitpierre, user=Dominique.Petitpierre domain=unige.ch
Division Informatique, University of Geneva, Switzerland



Archive powered by MHonArc 2.6.16.

Top of Page