Omit SMB audit results from audit.query output by default

This is an optimization to improve memory consumption by default queries used by the webui. Initially we included SMB audit results by default with the expectation that user would specify the exact audited service they wanted to query. Since SMB audit logs can span upwards to hundreds of thousands of entries in some extreme cases we need to ensure that UI / API consumers use optimized SQL queryfilters with appropriate pagination.
truenas · Aug 7, 2024 · 76e3f30 · 76e3f30
1 parent 5995885
commit 76e3f30
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 2 deletions.
diff --git a/src/middlewared/middlewared/plugins/audit/audit.py b/src/middlewared/middlewared/plugins/audit/audit.py
@@ -129,7 +129,7 @@ async def compress(self, data):
 
     @accepts(Dict(
         'audit_query',
-        List('services', items=[Str('db_name', enum=ALL_AUDITED)], default=ALL_AUDITED),
+        List('services', items=[Str('db_name', enum=ALL_AUDITED)], default=['MIDDLEWARE', 'SUDO']),
         Ref('query-filters'),
         Ref('query-options'),
         register=True

diff --git a/src/middlewared/middlewared/plugins/audit/utils.py b/src/middlewared/middlewared/plugins/audit/utils.py
@@ -122,7 +122,7 @@ def parse_query_filters(
 
             match f[1]:
                 case '=' | 'in':
-                    services_to_check = services_to_check & svcs
+                    services_to_check = svcs
                 case '!=' | 'nin':
                     services_to_check = services_to_check - svcs
                 case _: