Monal causes excessive entries in audit log #240
Comments
|
Note that Monal recommends setting a high smacks timeout (at least 24 hours) Depending on whether Snikket logs session resumptions in the audit log, a side benefit could be less (redundant) log entries. |
|
Thanks! I'm aware of this recommendation, but unfortunately the high smacks timeout has the potential to increase server resource usage and negatively affect other clients which do not act the way that Monal does. Applying it selectively may be a solution, but I'm not sure how easy that would be to implement. |
|
Oh, and an important thing to note is that authentication happens before a resumption, so this still wouldn't be a full solution unless we figured out a way to implement detection of that in mod_audit_auth. We can't just delay the audit log until XEP-0198 is enabled or resumed, because this would allow a (e.g. malicious) client which didn't implement XEP-0198 to avoid being recorded in the audit log. |
Monal is relatively unique among clients in that it reconnects to the server extremely frequently (by design). This can cause an excessive number of entries in the server's audit log under normal usage. The performance of large audit logs should be improved when #196 becomes the default configuration. However it's also a good idea to avoid these excessive entries in the first place.
For example, it should be acceptable to skip recording entries successfully using FAST auth with a recognised client ID.
Edit: Apparently Monal does not implement FAST yet, so this can't be done securely.
The text was updated successfully, but these errors were encountered: