Fix file audit log rotation, fixes #2388 #2549
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
r0mant
approved these changes
Feb 9, 2019
lib/events/filelog.go
Outdated
| if cfg.RotationPeriod == 0 { | ||
| cfg.RotationPeriod = defaults.LogRotationPeriod | ||
| } | ||
| // make sure that rotation period is a multiple of one day | ||
| rotationDays := cfg.RotationPeriod / (24 * time.Hour) | ||
| if cfg.RotationPeriod != (rotationDays * 24 * time.Hour) { |
There was a problem hiding this comment.
If you want to make sure that cfg.RotationPeriod is a multiple of "24 hours", you could just do:
if cfg.RotationPeriod % (24 * time.Hour) == 0 { ... }
lib/events/filelog.go
Outdated
| // make sure that rotation period is a multiple of one day | ||
| rotationDays := cfg.RotationPeriod / (24 * time.Hour) | ||
| if cfg.RotationPeriod != (rotationDays * 24 * time.Hour) { | ||
| return trace.BadParameter("rotation period should be expressed in multiples of a single day, got %v instead", cfg.RotationPeriod) |
There was a problem hiding this comment.
If this message is gonna be shown to a user, I would add an example (e.g. 24h, 48h), otherwise it might not be clear what "multiples of a single day" means.
Also, is that okay that this new restriction might cause teleport not to start after upgrade for users who have a "wrong" value in their config?
There was a problem hiding this comment.
this value is not exposed in the config right now
lib/events/filelog.go
Outdated
| @@ -363,6 +395,12 @@ func (l *FileLog) matchingFiles(fromUTC, toUTC time.Time) ([]eventFile, error) { | |||
| return filtered, nil | |||
| } | |||
|
|
|||
| // parseFileTimte parses file's timestamp encoded into name | |||
This commit improves on-disk events log rotation: * Previously, log rotation was not deterministic, as logs could be rotated mid-day UTC, and events from the same day could end up in different files. This commit makes sure that logs are rotated on the UTC boundary of the day, and log entries from this day are located in the appropriate file, e.g. 2019-02-09.00:00:00.log will contain all event logs from 2019-02-09 day. * To improve UX, additional symlink event.log is located (by default in /var/lib/teleport/events.log) and is pointing to the latest events log file.
klizhentas
force-pushed
the
sasha/logs
branch
from
8df39ec to
20cae15
Compare
klizhentas
added a commit
that referenced
this pull request
Feb 10, 2019
This commit improves on-disk events log rotation: * Previously, log rotation was not deterministic, as logs could be rotated mid-day UTC, and events from the same day could end up in different files. This commit makes sure that logs are rotated on the UTC boundary of the day, and log entries from this day are located in the appropriate file, e.g. 2019-02-09.00:00:00.log will contain all event logs from 2019-02-09 day. * To improve UX, additional symlink event.log is located (by default in /var/lib/teleport/events.log) and is pointing to the latest events log file.
klizhentas
added a commit
that referenced
this pull request
Feb 10, 2019
This commit improves on-disk events log rotation: * Previously, log rotation was not deterministic, as logs could be rotated mid-day UTC, and events from the same day could end up in different files. This commit makes sure that logs are rotated on the UTC boundary of the day, and log entries from this day are located in the appropriate file, e.g. 2019-02-09.00:00:00.log will contain all event logs from 2019-02-09 day. * To improve UX, additional symlink event.log is located (by default in /var/lib/teleport/events.log) and is pointing to the latest events log file.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This commit improves on-disk events log rotation:
as logs could be rotated mid-day UTC, and events
from the same day could end up in different files.
This commit makes sure that logs are rotated
on the UTC boundary of the day, and log entries
from this day are located in the appropriate file,
e.g. 2019-02-09.00:00:00.log will contain all
event logs from 2019-02-09 day.
is located (by default in /var/lib/teleport/events.log)
and is pointing to the latest events log file.