DataONEorg / d1_python

Python components for DataONE clients and servers
Apache License 2.0

Add blacklist for excluding certain clients from logging events #25

Closed datadavev closed 4 years ago

datadavev commented 5 years ago

There are cases where MN operators want to exclude counting of events from log reporting to the CNs because the access is from a known internal service, for example, that might skew reporting.

Implement a configurable blacklist that would exclude matching IP addresses or subjects from appearing in logged events reported to the CNs for aggregation.

See also: https://github.com/NCEAS/metacat/issues/1284

rogerdahl commented 4 years ago

This has been in GMN for a while now, but I forgot to close this issue.

# No "read" events will be logged for any request that matches one or more of
# the following filters.

# Ignore "read" events by user agent, ip address or subject. These are
# lists of case insensitive regular expressions that are applied one by one
# using re.match(). If a match is found, the "read" event is not logged.
LOG_IGNORE_USER_AGENT = []
LOG_IGNORE_IP_ADDRESS = []
LOG_IGNORE_SUBJECT = []

# Ignore "read" events for DataONE trusted subjects.
# True (default):
# - "read" events are not logged in requests made by subjects which are in the
# DATAONE_TRUSTED_SUBJECTS list or are CN subjects in the DataONE environment in
# which this node is registered.
# False:
# - Do not apply this filter.
LOG_IGNORE_TRUSTED_SUBJECT = True

# Ignore "read" event for subjects authenticated by the client side certificate.
# True (default):
# - "read" events are not logged in requests which were authenticated using
# this MN's local client side certificate.
# False:
# - Do not apply this filter.
LOG_IGNORE_NODE_SUBJECT = True
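
The filter semantics described in the settings comments above (case-insensitive patterns applied one by one with re.match()), as an added example that is not part of the original comment and is not GMN's own code; the helper names, patterns and sample requests are constructed. It shows that re.match() anchors only at the start of the string, so an IP pattern with unescaped dots or no end anchor also suppresses "read" events for unrelated addresses.

```python
import re

# Constructed values for the settings named in the comment above.
LOG_IGNORE_USER_AGENT = [r"internal-harvester/"]
LOG_IGNORE_SUBJECT = [r"CN=monitor,DC=example,DC=org$"]
LOOSE_IP = ["192.0.2.1"]          # unescaped dots, no end anchor
STRICT_IP = [r"192\.0\.2\.1$"]    # literal dots, anchored at the end

# Constructed sample requests: (user agent, IP address, subject).
SAMPLE_REQUESTS = [
    ("curl/8.0", "192.0.2.1", "public"),      # the internal service to exclude
    ("curl/8.0", "192.0.2.10", "public"),     # shares the prefix only
    ("curl/8.0", "192.0.211.5", "public"),    # "." in the pattern matched "1"
    ("Internal-Harvester/2.1", "198.51.100.7", "public"),
    ("Mozilla/5.0", "198.51.100.8", "cn=Monitor,dc=example,dc=org"),
    ("Mozilla/5.0", "198.51.100.9", "public"),
]


def matches_any(patterns, value):
    """True if any pattern matches at the start of value, ignoring case."""
    if value is None:
        return False
    return any(re.match(p, value, re.IGNORECASE) for p in patterns)


def is_read_ignored(user_agent, ip_address, subject, ip_patterns):
    """Hypothetical helper: would this request's "read" event go unlogged?"""
    return (
        matches_any(LOG_IGNORE_USER_AGENT, user_agent)
        or matches_any(ip_patterns, ip_address)
        or matches_any(LOG_IGNORE_SUBJECT, subject)
    )


def dropped_ips(ip_patterns, requests=SAMPLE_REQUESTS):
    """IPs of the sample requests whose "read" events would be excluded."""
    return [
        ip for ua, ip, subject in requests
        if is_read_ignored(ua, ip, subject, ip_patterns)
    ]


if __name__ == "__main__":
    print("loose :", dropped_ips(LOOSE_IP))
    print("strict:", dropped_ips(STRICT_IP))
```

Running the candidate patterns against a sample of recent requests before deploying them shows which events would stop being reported to the CNs.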