Ability to filter out AUDIT logs #4502
Description
SUMMARY
Currently, the log files /var/log/st2/st2*.log contain all of the AUDIT log information as well as the INFO and DEBUG information. These AUDIT logs are duplicated in the /var/log/st2/st2*.audit.log files.
In our case the /var/log/st2/st2scheduler.log and /var/log/st2/st2scheduler.log are both 5GB in size (10GB total) in less than 24h of runtime.
We would like the ability to disable sending AUDIT logs to the /var/log/st2/st2*.log files since the information is duplicated anyways.
ISSUE TYPE
- Feature Idea
STACKSTORM VERSION
$ st2 --version
st2 2.10.1, on Python 2.7.5
OS / ENVIRONMENT / INSTALL METHOD
$ uname -a
Linux nor1devssd01.dev.encore.tech 3.10.0-957.1.3.el7.x86_64 #1 SMP Thu Nov 15 17:36:42 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 7.6 (Maipo)
Install method = puppet-st2
STEPS TO REPRODUCE
$ grep "AUDIT action" st2scheduler.log | wc -l
1447
EXPECTED RESULTS
$ grep "AUDIT action" st2scheduler.log | wc -l
0
ACTUAL RESULTS
I think the "chattyness" of st2scheduler could be turned down as well. Not sure the entire action and results need to be printed every time a scheduling change occurs? (maybe it does?)