Add a feature to completely disable audit_log on the site or store logs in a fil

  • Since the audit_log of the plugin is stored in a database, the database can become very large, making it extremely difficult to back up the database due to its large size. Please add a feature to disable audit_log completely or to store logs in a file instead of in the database.

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pyspil,

    If datbase become very large please cross check what is making if it is due to brute force attack it should be try to reduce.

    You can make audit logs to purge old records than 30 days or might be 10 days using below constant defined in wp-config.php 

    define('AIOWPSEC_PURGE_AUDIT_LOGS_AFTER_DAYS', 30);

    You can delete the audit logs from back end. WP Security >Dashboard > Audit logs there bulk action “Delete all” which will delete all audit logs.

    Possibility to disable audit log is requested some other users also and there was internal discussion concluded with possibility to disable particular events might be considered but it is still under discussion. I have added your request to it.

    Storing in file should not be considered as we are showing it as list for users and database is good for that.

    Regards

    Plugin Support aporter

    (@aporter)

    Hi,

    Can you tell us what events are filling up the audit log?

    Best Wishes,

    Ashley

    Can you tell us what events are filling up the audit log?

    Audit_log is filled due to a very high number of failed login attempts by spam bots.

    Plugin Support hjogiupdraftplus

    (@hjogiupdraftplus)

    Hi @pyspil,

    Can you please share the stack trace from WP Security > Dashboard > Audit logs tab – clicking show trace using https://pastebin.com/.

    Also can you please make sure below settings on.

    1) Brute force > Rename login page – Here you can change login page url


    2) Brute force > Captcha settings – Here you can apply the captcha for the login page etc.

    3) Miscellaneous > User enumeration tab – Here you can stop username being exposed

    4) WP Security > Firewall > Basic firewall rules tab > Completely block access to XMLRPC , Disable pingback functionality from XMLRPC – XML RPC is trying to authenticate the user which might be failed login attempt

    As far as I know, in a recent update, a filter was added to completely disable audit logs. Can I find out how I can use this?

    Plugin Support aporter

    (@aporter)

    Hi,

    You can use the following to disable all events from being recorded:

    function aios_audit_log_record_event($record_event, $event_type, $details, $event_level, $username) {

    return false;

    }

    add_filter(‘aios_audit_log_record_event’, ‘aios_audit_log_record_event’, 10, 5);

    Please note that if you disable all events from being recorded some features of the plugin and future features will no longer work

    For example the login lockdown feature will no longer work as no failed logins are being recorded.

    Best Wishes,

    Ashley

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘Add a feature to completely disable audit_log on the site or store logs in a fil’ is closed to new replies.