all: limit request tracer log count to five #8489
Conversation
efd6
added
enhancement
efd6
force-pushed
the
maxlogs_tracers
branch
3 times, most recently
from
d3d7d1d
to
80ae524
Compare
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
🤖 GitHub commentsExpand to view the GitHub comments
To re-run your PR in the CI, just comment with:
|
🌐 Coverage report
|
|
/test |
2 similar comments
|
/test |
|
/test |
|
Pinging @elastic/security-external-integrations (Team:Security-External Integrations) |
|
Pinging @elastic/elastic-agent-data-plane (Team:Elastic-Agent-Data-Plane) |
efd6
force-pushed
the
maxlogs_tracers
branch
from
80ae524
to
b8aee2a
Compare
|
So the configuration would now limit to 5 request tracer logs, each 1MB in size per the |
|
Yes, that's approximately correct. There are a couple of integrations that limit log size to 5MB in their configs here, but all are now limited to 5 files. |
|
/test |
| @@ -56,7 +56,7 @@ | |||
| changes: | |||
| - description: Update package spec to 2.9.0. | |||
| type: enhancement | |||
| link: https://github.com/elastic/integrations/pull/1 | |||
| link: https://github.com/elastic/integrations/pull/8489 | |||
There was a problem hiding this comment.
Is this right PR number for this change?
There was a problem hiding this comment.
No, no it is not. I will repair that to what it should have been.
packages/o365/changelog.yml
Outdated
| @@ -36,7 +41,7 @@ | |||
| changes: | |||
| - description: Fix mappings for dynamically mapped fields. | |||
| type: enhancement | |||
| link: https://github.com/elastic/integrations/pull/1 | |||
| link: https://github.com/elastic/integrations/pull/8489 | |||
There was a problem hiding this comment.
Is this the right PR number for this change?
|
Package qualys_vmdr - 0.8.0 containing this change is available at https://epr.elastic.co/search?package=qualys_vmdr |
|
Package rapid7_insightvm - 1.8.0 containing this change is available at https://epr.elastic.co/search?package=rapid7_insightvm |
|
Package salesforce - 0.12.0 containing this change is available at https://epr.elastic.co/search?package=salesforce |
|
Package sentinel_one - 1.19.0 containing this change is available at https://epr.elastic.co/search?package=sentinel_one |
|
Package slack - 1.17.0 containing this change is available at https://epr.elastic.co/search?package=slack |
|
Package snyk - 1.19.0 containing this change is available at https://epr.elastic.co/search?package=snyk |
|
Package sophos_central - 1.13.0 containing this change is available at https://epr.elastic.co/search?package=sophos_central |
|
Package spring_boot - 1.1.0 containing this change is available at https://epr.elastic.co/search?package=spring_boot |
|
Package symantec_edr_cloud - 0.3.0 containing this change is available at https://epr.elastic.co/search?package=symantec_edr_cloud |
|
Package system - 1.49.0 containing this change is available at https://epr.elastic.co/search?package=system |
|
Package tenable_io - 2.7.0 containing this change is available at https://epr.elastic.co/search?package=tenable_io |
|
Package tenable_sc - 1.20.0 containing this change is available at https://epr.elastic.co/search?package=tenable_sc |
|
Package ti_abusech - 1.24.0 containing this change is available at https://epr.elastic.co/search?package=ti_abusech |
|
Package ti_cif3 - 1.10.0 containing this change is available at https://epr.elastic.co/search?package=ti_cif3 |
|
Package ti_cybersixgill - 1.25.0 containing this change is available at https://epr.elastic.co/search?package=ti_cybersixgill |
|
Package ti_maltiverse - 0.8.0 containing this change is available at https://epr.elastic.co/search?package=ti_maltiverse |
|
Package ti_misp - 1.27.0 containing this change is available at https://epr.elastic.co/search?package=ti_misp |
|
Package ti_opencti - 0.3.0 containing this change is available at https://epr.elastic.co/search?package=ti_opencti |
|
Package ti_otx - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=ti_otx |
|
Package ti_rapid7_threat_command - 1.14.0 containing this change is available at https://epr.elastic.co/search?package=ti_rapid7_threat_command |
|
Package ti_recordedfuture - 1.20.0 containing this change is available at https://epr.elastic.co/search?package=ti_recordedfuture |
|
Package ti_threatq - 1.23.0 containing this change is available at https://epr.elastic.co/search?package=ti_threatq |
|
Package tines - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=tines |
|
Package trellix_epo_cloud - 1.9.0 containing this change is available at https://epr.elastic.co/search?package=trellix_epo_cloud |
|
Package trend_micro_vision_one - 1.15.0 containing this change is available at https://epr.elastic.co/search?package=trend_micro_vision_one |
|
Package windows - 1.43.0 containing this change is available at https://epr.elastic.co/search?package=windows |
|
Package wiz - 0.4.0 containing this change is available at https://epr.elastic.co/search?package=wiz |
|
Package zeek - 2.22.0 containing this change is available at https://epr.elastic.co/search?package=zeek |
|
Package zerofox - 1.22.0 containing this change is available at https://epr.elastic.co/search?package=zerofox |
|
Package zeronetworks - 1.11.0 containing this change is available at https://epr.elastic.co/search?package=zeronetworks |
Proposed commit message
Currently the request tracer log is configured to retain all logs. This opens the risk of user filesystems being filled with unwanted logs. So limit the number of logs to five (picked as reasonably similar to the number of logs retained by elastic-agent, although the logs are not necessarily comparable in size or temporal domain).
Relevant docs for the change:
Checklist
changelog.ymlfile.Author's Checklist
How to test this PR locally
Related issues
Screenshots