Question: Details about logging, sessions and events
firla opened this issue · comments
Hi. Could you please describe logging, sessions and events a little bit more?
sessions
A sshportal feature is Audit log (logging every user action). These logs seems to be stored in log/<name>-session-<time>
files and can be listet with session ls
. Inspecting with session inspect <id>
shows useful informations, but the output contains very little data compared to the file size.
- Why is the file size sometimes more than 50 MB? How can I access that session data?
- I only need the data listet in
session ls
, not more or less. Is it possible to limit/filter session data to prevent big files? - How can I cleanup the data properly (without downtimes)? Regarding the combinaton of sqlite and files: Is it ok to simply delete old files like #195 suggests?
ERROR
fromsession ls
is sometimes<nil>
. Why?
events
After time the event ls
list gets very big. One of our hosts shows in the meantime error: too many SQL variables
.
- How can I rotate or cleanup the event data properly (without downtimes)?
host logging mode
- What do the
host create|update --logging=MODE
in current sshportal versions? Is it related to events and/or sessions?
bonus question: backup
The documentation says: cp sshportal.db sshportal.db.bkp # or just the immortal cp
. I have no knowledge about sqlite: Is that operation also possible during runtime and produces a reliable backup? As far as I know, cp
is not an atomic operation.
environment
- currently sshportal 1.10.0 (with sqlite), will be updated soon to the newest version
- Debian Buster
- Docker
Thx! :)