Grouper Users - Open Discussion List

[Chris Hyzer <>]

> 
> - How does one disable change logs completely?  The property
>   changeLog.enabled=false in the file grouper.properties does not seem
>   to be sufficient: e.g. when a member is added to a group via the
>   Grouper UI or the Grouper shell then an entry is anyway inserted in
>   the table grouper_change_log_entry_temp.
> 

At this time there is not a way...

> - Is it safe to disable the change logs?
> 
>   + In particular, are the audit logs independent of the change logs?

Yes, but point in time logs (2.0) use the change log.  Im not sure what else, 
but we are assuming it is on.

> 
>   + Also, beside the custom consumers that could be configured
>     according to the description in
>     https://spaces.internet2.edu/display/Grouper/Notifications+(change+log),
>     is there some core functionality that depends on the change logs?
> 

I think you should keep the change log on...

>   + Why are change logs enabled by default?
>     (cf. grouper.example.properties)
> 

We assume they will be on.  If people really want it to not be on, let us 
know and we can investigate further to see if this is possible...

> 
> - When change logs are enabled, is there a default mechanism that
>   periodically delete old entries in the table
>   grouper_change_log_entry? Something like what happens with the
>   table grouper_loader_log
>   (e.g. loaderRunOneJob("MAINTENANCE_cleanLogs") in gsh.sh, and the
>   property loader.retain.db.logs.days in grouper-loader.properties).
> 

There isnt, but it is on our list...

>   + Is there a way to know that all configured consumers have
>     processed a change log entry (and thus it is deletable)?
> 

Yes, there is a table called grouper_change_log_consumer which maintains eash 
consumer and the last processed change log index

> - Does ldappc or ldappcng provide a consumer for change logs?
>   There is a hint about it in the section about consumers in
>   grouper-loader.properties, as comments:
>     #changeLog.consumer.ldappc.class =
>     #changeLog.consumer.ldappc.quartzCron =
> 

It will in ~2.0...

> - Is there a tool to keep audit log size from growing forever?
>   (The page https://spaces.internet2.edu/display/Grouper/User+auditing
>    mentions one that is not available yet).
> 

It is on our list

>   + Would a simple sql request, deleting audit entries older than
>     a given age, be enough?
> 

Yes.  This is what we will at to Grouper at some point (hopefully soon)

>   + On sites that do trim the audit logs, what kind of policies are
>     used to decide which entries are deleted? (i.e. more complex than
>     just age).
> 

Penn has done it just by age, not sure about other places

>   + Is there a way to disable auditing selectively (e.g. for
>     some GrouperLoader groups or gsh.sh batches)?
> 

No

Thanks,
Chris