Relevant Versions: 8.0.7-8.1.1, 8.1.3
Details
The Datasource Audit Log profile has long had a setting for “Retention”, which would set the number of days of data to retain, and beyond which data would be periodically pruned.
Starting in 8.0.7, this field was incorrectly hidden from view/un-editable. However, it continued to function, meaning that new installs would prune after 90 days, with no direct way to modify this setting. Existing systems would continue to function as previously defined, though users would still not be able to view or modify the setting. This issue was rectified in 8.1.1.
The goal of this advisory is to notify users who have configured Datasource Audit Logs between these versions that their data will be pruned after 90 days.
Note: As discussed below in “Additional Details”, pruning will be disabled by default in 8.1.3.
Remedies
There are several ways to avoid this issue or mitigate its impact:
- Upgrade to 8.1.1 or later, so that the setting can be changed.
- Modify database permissions to disallow deletion from the audit log table, for the user specified by the Ignition database connection.
- Modify the internal database directly to alter the setting.
Modifying the Internal Database
Attention: If you are not comfortable crafting and executing SQL queries, please contact technical support for assistance.
This option can be used to modify the retention period for users who are using versions 8.0.7-8.1.0 and are unable to upgrade.
1. Navigate manually to http://{gwaddress}:{port}/web/status/sys.internaldb
(For example, http://localhost:8088/web/status/sys.internaldb )
2. After logging in, select “AUDITPROFILES” from the table list, select “Select All”, and execute the query to see the current rows.
3. Run an update query for the profile you would like to adjust:
UPDATE AUDITPROFILES SET RETENTION={value in days} WHERE AUDITPROFILES_ID={profile id}
Important: The retention value must be positive, and should not be 0. There is no “off” value, so to effectively disable pruning, please set the value to a very high number of days (see “Additional Details” below for more information)
4. Navigate to Configure>Security>Auditing in the gateway configuration interface. Select “edit” for the modified profile, and then immediately save it. This will trigger the system to reload and apply the new settings.
Additional Details
As of 8.1.3, we will introduce a setting to disable Audit Log Pruning.
This setting will be disabled by default, meaning that pruning will be turned off for existing gateways. Users who want to use pruning for datasource audit logs will need to re-enable this setting upon upgrade to 8.1.3.
Comments
0 comments
Please sign in to leave a comment.