Sounds counter intuitive to say this but, there is too much auditlog in certain conditions.
The server is a *weeks* old and started from zero. So after getting all the templates and hosts into it:
The auditlog table quickly have more data than history itself. It looks a bit abusive.
The database is somewhat busy and to clean this up, there is no other option as to stop zabbix and truncate the table (or wait for a long time to drop rows up to a reasonable amount)
It is obvious that we need Audit Log and we need "all of it" but still we should have a way to either do one, another or all of the suggested:
1) control it, enabling or disabling amounts of data seen from the System internals
2) filter, enabling or disabling particles of information from any part of the system / users logging
3) have a more stringent limitation - like setting the housekeeping in terms or hours and not days – perhaps setting in terms of amounts of registries per type of action / user / source (that sounds cumbersome)
4) separated housekeeping proc to deal with audit log – possibly with filtering
5) method to monitor / alert specifically audit log on its size and entries per minute and so on
6) maybe making an advanced setting for items / actions at the item or elsewhere, to enable / disable if this or that should end up on the audit log.
Like what I see now that all values discovered and attributed to some value are on the audit log.. I don't need that! Its like I have the same monitoring twice!
I understand that for utmost strict places, like banks this might be necessary to comply on the most highest levels of auditing and ISO certification, but yeah... its too much for a regular, busy system that doesn't need that.
Right now, we would like to have a long standing record of user actions but unfortunately we can't because if I leave this to be "housekeeped" in 30 days, I will have no disk space left.
I hope to have explained / argued sufficiently.