Stefano Bonicatti
04/26/2021, 5:54 PM
events_max=1 and buffered_log_max=1, can you confirm again that events_expiry is at 1 or a low value where you would expect the query to expire the events?

Daniel Wyleczuk-Stern
04/26/2021, 10:49 PM
--audit_allow_sockets=true or does --audit_allow_sockets alone work?

Aleks
04/27/2021, 11:44 PM

Andrew
04/28/2021, 2:19 AM

Mike Myers
04/28/2021, 4:00 PM

Zach Zeid
04/28/2021, 8:25 PM

Juan Alvarez
04/30/2021, 11:39 AM
logger_tls_max_lines increased from 1024 to 4096, which seems to help improve the situation, as it avoids a growing pattern of the DB over time (seems to be cleaned up every hour); however, there are still a lot of .LOG files created (it goes up to 300 files).
I have been considering the idea of completely disabling the use of WAL in RocksDB, which would mean a drastic drop in IOPS.
I can see in the code that there is a disableWAL in case of events, but it does not seem to be working, as LOG files build up even when this box is only looking at Windows events.
// Events should be fast, and do not need to force syncs.
auto options = rocksdb::WriteOptions();
if (kEvents == domain) {
  options.disableWAL = true;
} else {
  options.sync = true;
}
I just disabled WAL in every case, and then I can get rid of the LOG files and see a big drop in IOPS.
I do not have a big reason to not disable WAL, as it seems that we may only lose some in-memory data in case of a fatal crash, but I am pretty new to this, so does somebody know any side effects that I am missing?

Mystery Incorporated
05/02/2021, 6:29 AM

Chris Ray
05/03/2021, 1:28 PM

allister
05/05/2021, 2:45 AM

allister
05/05/2021, 4:22 PM

allister
05/05/2021, 4:27 PM

Francisco Huerta
05/07/2021, 7:35 PM

allister
05/12/2021, 12:26 AM

Tao Jiang
05/12/2021, 9:52 PM

Ian Muscat
05/14/2021, 8:58 AM
exclude_paths supports wildcards, however I’m not sure this is working properly. The only wildcard I managed to get working is %% at the end of a path.

JohnM
05/14/2021, 2:04 PM

Cuong Bui
05/15/2021, 3:49 AM

Tal Kapon
05/17/2021, 4:35 AM

Anoop K V
05/17/2021, 9:08 AM

Nikhil Pawade
05/17/2021, 9:22 AM

mike maxwell
05/17/2021, 6:35 PM

mike maxwell
05/17/2021, 6:38 PM

Nithin Sade
05/17/2021, 8:19 PM

Abhijit
05/18/2021, 6:04 AM

J
05/18/2021, 9:57 AM

Ahmed
05/18/2021, 11:20 AM

Deepak
05/18/2021, 4:46 PM

Slackbot
05/19/2021, 4:12 PM

Nabil Schear
05/20/2021, 6:00 PM
mount_namespace_id feature of various tables like deb_packages? I have a docker container running and would like to be able to query the packages installed in the container. I am able to accomplish this using pid_with_namespace and passing in a pid from the container. However, passing in the mount namespace id from select mnt_namespace from docker_containers; returns no results.