all: limit request tracer log count to five#8489
Conversation
efd6
added
enhancement
efd6
force-pushed
the
maxlogs_tracers
branch
3 times, most recently
from
d3d7d1d to
80ae524
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
|
/test |
2 similar comments
|
/test |
|
/test |
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
efd6
force-pushed
the
maxlogs_tracers
branch
from
80ae524 to
b8aee2a
Compare
|
So the configuration would now limit to 5 request tracer logs, each 1MB in size per the |
|
Yes, that's approximately correct. There are a couple of integrations that limit log size to 5MB in their configs here, but all are now limited to 5 files. |
ebeahan
left a comment
ebeahan
left a comment
There was a problem hiding this comment.
++
Initially, I worried slightly about limiting to 5MB being too limited for certain troubleshooting situations. However, I think it's a sensible starting point and better than inadvertently filling disk if the toggle is turned on and forgotten. 😅
|
/test |
leehinman
left a comment
leehinman
left a comment
There was a problem hiding this comment.
Changes to httpjson.yml.hbs look good, but I did notice 2 changelog.yml changes that looked odd.
There was a problem hiding this comment.
Is this right PR number for this change?
There was a problem hiding this comment.
No, no it is not. I will repair that to what it should have been.
packages/o365/changelog.yml
Outdated
There was a problem hiding this comment.
Is this the right PR number for this change?
|
Package tines - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=tines |
|
Package trellix_epo_cloud - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=trellix_epo_cloud |
|
Package trend_micro_vision_one - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=trend_micro_vision_one |
|
Package windows - 1.43.0 containing this change is available at https://epr.elastic.co/search?package=windows |
|
Package wiz - 0.4.0 containing this change is available at https://epr.elastic.co/search?package=wiz |
|
Package zeek - 2.22.0 containing this change is available at https://epr.elastic.co/search?package=zeek |
|
Package zerofox - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=zerofox |
|
Package zeronetworks - 1.11.0 containing this change is available at https://epr.elastic.co/search?package=zeronetworks |
andrewkroh
added
Integration:akamai
7 participants
Proposed commit message
Currently the request tracer log is configured to retain all logs. This opens the risk of user filesystems being filled with unwanted logs. So limit the number of logs to five (picked as reasonably similar to the number of logs retained by elastic-agent, although the logs are not necessarily comparable in size or temporal domain).
Relevant docs for the change:
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots