Hi there,
we have in the controller.hcl a file sink activated. The activated event types are audit and observation. When connecting to a server, among other things, an audit log is created for session authentication. The request path is /v1/targets/:authorize-session.
The log also contains the attribute “grants_info” . In this attribute all targets from all scopes are listed (in our case a lot). This inflates the log message tremendously (over 200kb and more). Is there a way to configure which attributes appear in a log or to cut out unwanted attributes? Disabling the whole log with a deny-filter on the path is unfortunately not suitable, because the log contains other important information apart from grant-info.
Example of authentication log:
"id": "<some id>",
"source": "https://hashicorp.com/boundary/27c2435697fd/controller",
"specversion": "1.0",
"type": "audit",
"data": {
"id": "<some id>",
"version": "v0.1",
"type": "APIRequest",
"timestamp": "2023-10-26T08:07:56.043068256Z",
"request_info": {
"id": "<some id>",
"method": "POST",
"path": "/v1/targets/<target>:authorize-session",
"public_id": "<some id>",
"client_ip": "<some ip>"
},
"auth": {
"auth_token_id": "",
"user_info": {
"id": "<some user id>"
},
"grants_info": {
"grants": [
{
"grant": "id=*;type=session;actions=cancel:self,list,read:self",
"scope_id": "<scope id>",
"role_id": "<role id>"
},
{
"grant": "type=target;actions=list",
"scope_id": "<scope id>",
"role_id": "<role id>"
},
{
"many other grants"
}...