crowdsec icon indicating copy to clipboard operation
crowdsec copied to clipboard
verified publisher icon crowdsecurity

Improvement/cscli: Limit Acquisition Metrics to x days back in 'cscli metrics'

Open Lamera opened this issue 4 years ago • 2 comments

Is your feature request related to a problem? Please describe. At this moment when running 'cscli metrics' we get 2129 lines back. This is too much to get a decent overview. The reason we get that many lines is we use rotatelogs from apache. Every day it will generate a new access log file for each website we're hosting on this server and compress and archive the old acces log file. And this will generate at this moment 89 new lines every day in the acquisition metrics. And this even tough the file isn't there anymore.

Describe the solution you'd like It doesn't make much sense to get all the history from all access logs by default. I suggest to limit this behavior to max 3 days back. Or list only still existing files.

Describe alternatives you've considered (Optional) A possible workaround exists: Restart crowdsec service every 3 days to reload the access logs.

Lamera avatar Dec 13 '21 10:12 Lamera

I don't believe it would be easy to :

  • have metrics that "only" go 3 days back What would be doable :
  • automatically close files (and delete associated metric) if a file has not seen event(s) since $duration

buixor avatar Dec 22 '21 15:12 buixor

This sounds like a good idea. Would be great to have only "active" logfiles in cscli metrics.

Lamera avatar Dec 22 '21 21:12 Lamera