Max Log Length and S3 Object Path #89
-
Hi Substation team, I am using Substation to pipe and process CloudTrail logs stored in S3 buckets. Some of the log files are not newline delimited and can be quite large (the compressed JSON files can be up to 50 MB). It seems that Substation uses the default bufio scanner buffer size, which is 64 KB, and truncates logs that exceed it. Is there a configuration I can change to support long log lines? Also, the source S3 objects use a UUID as the key prefix. Do you support writing the processed logs under the same object key? It would be useful to have a direct 1:1 mapping so that we can compare them. Thanks in advance.
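For reference, a minimal sketch of the limit I think I'm hitting, assuming the files are read with a default bufio.Scanner: the 64 KB cap is bufio.MaxScanTokenSize, and a line longer than that stops the scan with ErrTooLong instead of being read.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

func main() {
	// A single "line" larger than the default 64 KB token limit
	// (bufio.MaxScanTokenSize) stands in for a large, non-newline-delimited
	// CloudTrail object.
	long := strings.Repeat("a", 70*1024)

	s := bufio.NewScanner(strings.NewReader(long))
	for s.Scan() {
		fmt.Println("read", len(s.Bytes()), "bytes")
	}
	// With the default buffer the loop never runs; Err reports
	// "bufio.Scanner: token too long".
	fmt.Println("err:", s.Err())
}
```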
-
Hi @Bin-security 👋
That's correct, by default the project uses the same configuration as the bufio package. We use environment variables to control runtime settings; the variable you'll need to configure is SUBSTATION_SCAN_CAPACITY. Internally at Brex we use a scan capacity of 256000000 (256 MB) for CloudTrail logs. One thing to keep in mind is that this scan capacity affects how much memory the Lambda uses, so you'll need to increase that as well, otherwise you'll see out-of-memory errors.
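As a rough sketch of the mechanism (not Substation's actual implementation), this shows how a capacity read from SUBSTATION_SCAN_CAPACITY could be applied to a bufio.Scanner via Scanner.Buffer to allow tokens larger than the 64 KB default; the newScanner helper below is illustrative only.

```go
package main

import (
	"bufio"
	"io"
	"os"
	"strconv"
)

// newScanner is an illustrative helper, not Substation's actual code: it
// sizes a bufio.Scanner from the SUBSTATION_SCAN_CAPACITY environment
// variable, falling back to the bufio default (64 KB) when unset.
func newScanner(r io.Reader) *bufio.Scanner {
	capacity := bufio.MaxScanTokenSize // 64 * 1024
	if v := os.Getenv("SUBSTATION_SCAN_CAPACITY"); v != "" {
		if n, err := strconv.Atoi(v); err == nil && n > capacity {
			capacity = n
		}
	}

	s := bufio.NewScanner(r)
	// Buffer raises the maximum token size; e.g. 256000000 allows lines up to
	// ~256 MB, at the cost of the Lambda needing enough memory to hold them.
	s.Buffer(make([]byte, 0, 64*1024), capacity)
	return s
}

func main() {
	s := newScanner(os.Stdin)
	for s.Scan() {
		_ = s.Bytes() // process each line
	}
}
```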
Right now the object path is dynamic but follows this convention: […]
-
See #91 for more details on configurable object paths for the AWS S3 sink.