Open Geogboe opened 7 years ago
Similar to #682 and #948.
@Geogboe
When environment variables have been set and are being utilized by Install-ChocolateyPackage or Install-ChocolateyInstallPackage (or other Chocolatey functions) and choco install
-y is running, those variables will be expanded and dumped into the Chocolatey logs.
I'm a little confused by this. We don't expand and log environment variables by default for this very reason. Where are you seeing this?
You can turn on an optional feature that would do this, but because of the security considerations that surround this, it is turned off by default. #563 - https://github.com/chocolatey/choco/commit/fe640fb1bf95012954f02e2e4e9b2d5c8857cefe
When running chocolatey commands, all logging appears to be verbose and can't be reduced.
We typically search the files for what you are looking for - and there are lots of tools out there that can help bubble only the relevant log items. It's easy to reduce the input through searching, but you can't get more verbose/debugging details if it is not in the logs, and many times that surrounding information is helpful, at least for us.
- Enable a choco.exe command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.
I like it. We can't promise this will be in the open source edition considering it's hard to see where this would be useful for an open source user, but we definitely see a use for it in commercial editions, where features like this that make sense for organizations typically end up (even if they would later trickle down to open source).
- Enable a configuration option which blocks ALL logging globally or on a source level. This option could be saved in the Chocolatey config file and either modified with choco.exe config or set during the choco source add. Applications required for security purposes could thus be better hidden.
Similar to the last one, definitely like this aspect.
- Modifications to size, retention policy, and logging directives.
This is actually already filed as #890. Please continue that aspect of the conversation over there.
Enable a choco.exe command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.
I like it. We can't promise this will be in the open source edition considering it's hard to see where this would be useful for an open source user, but we definitely see a use for it in commercial editions, where features like this that make sense for organizations typically end up (even if they would later trickle down to open source).
+1 on this feature. I could see a use for it in our environment. I'd like to set it on a per-command basis even if I can't set it globally.
Feature Request - Additional Control over Chocolatey logging
Overview
When installing a Chocolatey package there may be times when you need to control the logging behavior. Currently, some logging control has been implemented with Pass sensitive arguments to installers #948 but I'd like to submit a request for more control over logging.
What You Are Seeing?
When running
choco install <application> -y
verbose logs are dumped into c:\ProgramData\chocolatey\logs\chocolatey.log and c:\ProgramData\chocolatey\logs\choco.summary.logWhy does this matter?
When environment variables have been set and are being utilized by Install-ChocolateyPackage or Install-ChocolateyInstallPackage (or other Chocolatey functions) and
choco install <application> -y
is running, those variables will be expanded and dumped into the Chocolatey logs.Why does this matter?
Start-Process <process> -ArgumentList $secret
or by using Chocolatey for Business and runningchoco.exe <application> --secret-param
When running chocolatey commands, all logging appears to be verbose and can't be reduced.
Why does this matter?
Possible Ideas
choco.exe
command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.Example:
Enable a configuration option which blocks ALL logging globally or on a source level. This option could be saved in the Chocolatey config file and either modified with
choco.exe config
or set during thechoco source add
. Applications required for security purposes could thus be better hidden.Modifications to size, retention policy, and logging directives.
For instance,
Require log files stay under 1mb
Split logs into different files for different sources to enable easier auditing
Require logs be deleted after 30 days.
This could be achieved via cmdline
choco config
First feature request Sorry in advance if this isn't the correct structure. I deleted the template blocks because they seemed to only pertain to issues.