Inspired by chatting to Volker just now, I'm wondering if we need to think about how we want the audit log to work as higher level functionality is added to ceph-mgr. Currently, the mgr and mon both send entries to the audit log when they handle commands. When a mgr command actually calls some mon commands under the hood, that makes things pretty spammy, and potentially makes it harder to pick out the real human operator's action amid all the other inter-service commands. The dashboard's REST API doesn't write to the audit log yet, but I gather that it is desired to make it do so -- that brings similar issues, if we are writing both the high level human "click", and also the underlying mon commands. It could get kind of hard to read when we're writing so much, and it would (I think?) be nice if we could stick to logging the actual user operation, rather than all the underlying steps in it. One option is to simply have the REST API write to a separate audit log channel, but that feels like we're sidestepping the general issue. Any thoughts? Do we want to keep the audit log as detailed as possible (including internal mgr->mon commands), or should we try and simplify it to have a single audit log entry per logical user operation? If we want the latter then I guess that would involve tagging internal interservice commands to suppress their audit logging, or similar. John
