API logging & postgres performance

[umunix]

Hi Nagios folks,

We recently upgraded from Nagios 5.4.x -> 5.7.2 and I've noticed calls made to the API are now being logged in the audit_log table.

I went to view the auditlog and it took a good amount of time to load. We have some external applications that call on the API quite frequently (160k calls in the period of about 18 hours).

Is there a way we might be able to disable api logs being inserted into XI's database / audit_log? I'm worried about postgres performance, and I'm not sure we really require calls to the API to be in the audit log.

Kind regards
Richard

[lmiltchev]

Unfortunately, there is no way to stop XI from logging to the audit log. However, you could reduce the number of days you keep the audit log entries. The "default" value is 30 days. You can drop it to 1 day. You can do that by changing this line:

Code: Select all

"max_auditlog_age" => 30, // max time (in DAYS) to keep audit log entries

to this:

Code: Select all

"max_auditlog_age" => 1, // max time (in DAYS) to keep audit log entries

in the /usr/local/nagiosxi/html/config.inc.php file.

This should help.

Note: To be honest, I don't know what is going to happen if you use "0" (zero), this is why I am not suggesting it. It could mean "don't keep any entries", but most likely it would mean "unlimited"... I don't think you would want that.

[umunix]

Thanks for your reply!

I tried setting both 0 and 1 day API log retentions. Setting it to 0 didn't seem to disable logging, and setting it at 1 day still kept enough rows (~200k / 2-3 per second) in xi's audit table to make the audit log interface significantly slow (for us at least).

It might be a nice feature request if API logging could be disable (or perhaps written to a file instead). Or alternatively, the option to not log read-only API calls. Pretty well all of our API calls are exclusively requests to read host and service state information for some external dashboards we've created, which is why the API is polled so frequently.

For the interim, I think I might just comment out call to the logging function ourselves in /usr/local/nagiosxi/html/api/includes/utils-api.inc.php

The line:
send_to_audit_log(sprintf(_('API endpoint \'%1$s/%2$s\' accessed via %3$s with arguments %4$s'), $this->endpoint, $this->verb, $this->method, json_encode($args)), AUDITLOGTYPE_SECURITY, AUDITLOGSOURCE_API, $_SESSION['username']);

[lmiltchev]

It might be a nice feature request if API logging could be disable (or perhaps written to a file instead). Or alternatively, the option to not log read-only API calls. Pretty well all of our API calls are exclusively requests to read host and service state information for some external dashboards we've created, which is why the API is polled so frequently.

I filed an internal feature request for adding this functionality. Please keep in mind that the decision to implement the enhancement is at the discretion of our development team.

For the interim, I think I might just comment out call to the logging function ourselves in /usr/local/nagiosxi/html/api/includes/utils-api.inc.php

The line:
send_to_audit_log(sprintf(_('API endpoint \'%1$s/%2$s\' accessed via %3$s with arguments %4$s'), $this->endpoint, $this->verb, $this->method, json_encode($args)), AUDITLOGTYPE_SECURITY, AUDITLOGSOURCE_API, $_SESSION['username']);

This is fine, but don't forget that these changes would be reverted on each upgrade of Nagios XI. FYI. You would need to redo the mod.

[umunix]

Thank you!

[lmiltchev]

You are welcome! I am closing this topic now. If you have any further questions, please start a new thread.