- ABP Framework version: v5.3.4
- UI type: Angular
- DB provider: EF Core
- Tiered (MVC) or Identity Server Separated (Angular): yes
- Exception message and stack trace: N/A
- Steps to reproduce the issue:" -1. Add Health Controller -2. Hit Health Controller
We're running a microservices template. We have multiple health checks to ensure each service is reachable. Our Kubernetes environment, by default, was hitting the home path which would load the Swagger docs page. This resulted in loads of ELK logging. Our solution was to implemented a super lightweight Health controller that just returns a simple 200 response. While we have successfully reduced ELK logging, we noticed that ABP Audit logs are being created for each health check (many services getting health checks 2x per minute).
We've reviewed the Audit Logging documentation, but we cannot get the [DisableAuditing] attribute to work. Here is our lightweight Health Controller:
using Microsoft.AspNetCore.Mvc;
using Volo.Abp;
using Volo.Abp.AspNetCore.Mvc;
using Volo.Abp.Auditing;
namespace Acme.InvitationService.Controllers
{
[RemoteService(Name = "DemoService")]
[Area("demoService")]
[ControllerName("Health")]
[Route("api/demo-service/health")]
[DisableAuditing]
public class HealthController : AbpController
{
[DisableAuditing]
[HttpGet]
[ApiExplorerSettings(IgnoreApi = true)]
public ActionResult Index()
{
return Ok("DemoService is reachable!");
}
}
}
You can see that we've put the attribute at the Controller and Action level (and have tried both separately). We have configured IsEnabledForGetRequests to true in the AbpAuditingOptions and would prefer to not turn this off as we're in a highly-regulated industry.
Any help identifying what we're doing wrong will be appreciated. Or, some guidance on how to debug what's going wrong. Thank you!
5 Answer(s)
-
0
hi
Can you try the
IgnoredUrls?Configure<AbpAspNetCoreAuditingOptions>(options => { options.IgnoredUrls.AddIfNotContains("xxx"); }); -
0
AbpAspNetCoreAuditingOptions
This does work. Thank you!
However, was I misunderstanding how it should work? Should the
[DisableAuditing]attribute work in the controller example I posted? DoesIsEnabledForGetRequests=trueignore that attribute? -
0
hi
There is the audit logic.
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Auditing/AbpAuditingMiddleware.cs#L39
-
0
hi
There is the audit logic.
https://github.com/abpframework/abp/blob/dev/framework/src/Volo.Abp.AspNetCore/Volo/Abp/AspNetCore/Auditing/AbpAuditingMiddleware.cs#L39
I've read through the logic, but I still don't understand why the [DisableAuditing] attribute has no effect. The documentation leads me to believe that the attribute should exclude the controller/action from audting: https://docs.abp.io/en/abp/5.3/Audit-Logging#enable-disable-for-controllers-actions
By adding the path to the ignored URL collection, this does work. And I can see in the logic why that works.
When I don't have the path ignored (and IsEnabledForGetRequests is true), it appears to me that the
ShouldWriteAuditLogAsync()method in the logic you reference should return false by checking for the[DisableAuditing]attribute, but it's returning true either from something inAuditingOptions.AlwaysLogSelectorsor just getting the default true response of the method.Is there an "AlwaysLogSelector" that overrides the DisableAuditing attribute?
-
0
s there an "AlwaysLogSelector" that overrides the DisableAuditing attribute?
No. There is only
[Auditing]attribute.I will recheck the logic of the
AbpAuditingMiddleware, Thanks.
