Make AWS kinesis status logging configurable #6135
Thanks for the PR @nickcollier, do you mind including a description of why this is useful? Is there a specific problem this is solving? Do you mind including a test plan too? For example, steps I can use to reproduce testing enabling/disabling the status logging. We should also look closer and understand if this can be toggled on/off via configuration updates. I cannot remember if this check is performed once or each time a status log occurs.
@theopolis here are the steps I used to test this change - please let me know if you want any more details.
@theopolis usesLogStatus is called in the LoggerPlugin::call function, here: osquery/osquery/core/plugins/logger.cpp Line 64 in 21fa6d9
So it gets called for every line that has to be logged. @nickcollier Please remember to sign our CLA too.
@Smjert I've signed the CLA now
The AWS kinesis logger plugin is sent two types of log record: results logs, which are produced by scheduled queries, and status logs, which are produced by glog. When the logger_min_status or verbose options are used, the volume of status logs can cause undesirable bandwidth usage.
Logger plugins can opt out of being sent status logs by overriding the base LoggerPlugin usesLogStatus method. The AWS kinesis logger plugin currently opts in for status logs and this cannot be configured.
This PR adds a new configuration option aws_kinesis_disable_log_status that when set to true will prevent status logs being sent to kinesis. The default value of this option is false so when not specified the previous behaviour is retained. The options can be set either as a CLI flag or in the configuration.
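
The question raised in the thread, whether the usesLogStatus check runs once or for every status line, decides whether flipping aws_kinesis_disable_log_status in a configuration update takes effect without a restart. The following is an added example, not osquery's code: a simplified C++ model (ModelLogger, ModelKinesisLogger, Dispatcher and g_disable_log_status are hypothetical names, and the log lines are constructed) that shows how the two designs differ when the option flips mid-run.

```cpp
#include <atomic>
#include <cstddef>
#include <string>
#include <vector>

// Constructed stand-in for the aws_kinesis_disable_log_status option.
static std::atomic<bool> g_disable_log_status{false};

// Simplified model of a logger plugin; not osquery's LoggerPlugin.
struct ModelLogger {
  std::vector<std::string> sent;  // status lines that would leave the host
  virtual ~ModelLogger() = default;
  virtual bool usesLogStatus() { return false; }
  void logStatus(const std::string& line) { sent.push_back(line); }
};

struct ModelKinesisLogger : ModelLogger {
  // Opt in to status logs unless the option disables them.
  bool usesLogStatus() override { return !g_disable_log_status.load(); }
};

// Forwards status lines either on a cached answer or by asking per line.
struct Dispatcher {
  ModelLogger& plugin;
  bool per_call;  // true: ask for every line; false: reuse the cached answer
  bool cached;    // answer captured once, at construction
  Dispatcher(ModelLogger& p, bool per_call_check)
      : plugin(p), per_call(per_call_check), cached(p.usesLogStatus()) {}
  void status(const std::string& line) {
    bool wants = per_call ? plugin.usesLogStatus() : cached;
    if (wants) plugin.logStatus(line);
  }
};

// Sends one line, flips the option as a config refresh would, sends another.
// Returns how many status lines reached the plugin.
std::size_t linesSentAcrossToggle(bool per_call_check) {
  g_disable_log_status = false;
  ModelKinesisLogger plugin;
  Dispatcher d(plugin, per_call_check);
  d.status("constructed status line 1");
  g_disable_log_status = true;
  d.status("constructed status line 2");
  return plugin.sent.size();
}
```

With a cached check both lines are forwarded after the toggle; with a per-line check only the first is. A test plan for the real option can use the same send, toggle, send sequence.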