moul / sshportal

:tophat: simple, fun and transparent SSH (and telnet) bastion server

Home Page: https://manfred.life/sshportal

Question: Details about logging, sessions and events

firla opened this issue

Hi. Could you please describe logging, sessions and events a little bit more?

sessions

A sshportal feature is Audit log (logging every user action). These logs seem to be stored in log/<name>-session-<time> files and can be listed with session ls. Inspecting with session inspect <id> shows useful information, but the output contains very little data compared to the file size.

  • Why is the file size sometimes more than 50 MB? How can I access that session data?
  • I only need the data listed in session ls, not more or less. Is it possible to limit/filter session data to prevent big files?
  • How can I clean up the data properly (without downtime)? Regarding the combination of sqlite and files: Is it ok to simply delete old files like #195 suggests?
  • ERROR from session ls is sometimes <nil>. Why?

events

After some time the event ls list gets very big. One of our hosts shows in the meantime error: too many SQL variables.

  • How can I rotate or clean up the event data properly (without downtime)?

host logging mode

  • What does the host create|update --logging=MODE do in current sshportal versions? Is it related to events and/or sessions?

bonus question: backup

The documentation says: cp sshportal.db sshportal.db.bkp # or just the immortal cp. I have no knowledge about sqlite: Is that operation also possible during runtime, and does it produce a reliable backup? As far as I know, cp is not an atomic operation.

environment

  • currently sshportal 1.10.0 (with sqlite), will be updated soon to the newest version
  • Debian Buster
  • Docker

Thx! :)
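
On the backup question above, an added example that is not part of the original issue or of the sshportal project: SQLite's online backup API copies a consistent snapshot of a database that is in use, and the copy can be verified with an integrity check. The function names, the `demo_events` table and its rows are constructed for illustration and are not sshportal's schema; only the file names come from the issue.

```python
import os
import sqlite3
import tempfile


def online_backup(src_path, dst_path):
    """Copy a live SQLite database with the online backup API.

    Unlike a plain file copy, the backup API reads a consistent snapshot
    even when another connection has a write in progress.
    """
    src = sqlite3.connect(src_path)
    dst = sqlite3.connect(dst_path)
    try:
        # pages=64 copies in small steps so writers are not blocked for long
        src.backup(dst, pages=64)
        # Verify the copy before trusting it as a backup
        result = dst.execute("PRAGMA integrity_check").fetchone()[0]
    finally:
        dst.close()
        src.close()
    return result


def demo():
    """Build a constructed stand-in database, back it up, return (check, rows)."""
    workdir = tempfile.mkdtemp()
    live = os.path.join(workdir, "sshportal.db")       # file name from the issue
    copy = os.path.join(workdir, "sshportal.db.bkp")

    # Constructed schema and rows: NOT sshportal's real tables
    writer = sqlite3.connect(live)
    writer.execute("CREATE TABLE demo_events (id INTEGER PRIMARY KEY, action TEXT)")
    writer.executemany("INSERT INTO demo_events (action) VALUES (?)",
                       [("login",)] * 500)
    writer.commit()

    # An uncommitted write is open while the backup runs
    writer.execute("INSERT INTO demo_events (action) VALUES ('in-flight')")
    check = online_backup(live, copy)
    writer.rollback()
    writer.close()

    restored = sqlite3.connect(copy)
    rows = restored.execute("SELECT COUNT(*) FROM demo_events").fetchone()[0]
    restored.close()
    return check, rows
```

The backup contains only committed rows, so the in-flight insert does not appear in the copy.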