starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-01-11 21:10:29 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

Option not to Log API Token Activities in Changelog #11506

New Issue
Closed
opened 2025-12-29 21:46:09 +01:00 by adam · 10 comments
adam commented 2025-12-29 21:46:09 +01:00
Owner
Copy Link

Originally created by @PPDanielWinner on GitHub (Aug 20, 2025).

NetBox version

v4.3.6

Feature type

New functionality

Proposed functionality

It would be beneficial to add an option that allows users to specify, when creating or editing an API token, whether the associated activities should be included in the changelog.

Use case

Currently, all changes made using API tokens are recorded in the changelog. This can lead to excessive logging and confusion, particularly for users running containers or automated scripts that regularly ping IPs and update NetBox entries. As a result, the changelog can quickly become cluttered with entries that do not provide meaningful insights.

Database changes

No response

External dependencies

No response

Originally created by @PPDanielWinner on GitHub (Aug 20, 2025). ### NetBox version v4.3.6 ### Feature type New functionality ### Proposed functionality It would be beneficial to add an option that allows users to specify, when creating or editing an API token, whether the associated activities should be included in the changelog. ### Use case Currently, all changes made using API tokens are recorded in the changelog. This can lead to excessive logging and confusion, particularly for users running containers or automated scripts that regularly ping IPs and update NetBox entries. As a result, the changelog can quickly become cluttered with entries that do not provide meaningful insights. ### Database changes _No response_ ### External dependencies _No response_
adam added the type: featurestatus: under review labels 2025-12-29 21:46:09 +01:00
adam closed this issue 2025-12-29 21:46:09 +01:00
adam commented 2025-12-29 21:46:10 +01:00
Author
Owner
Copy Link

@deeconwastaken commented on GitHub (Aug 20, 2025):

@GoepiGB wrote a custom script that we run daily to remove the changelog entries

`
class ChangeLogRetention(Script):
class Meta:
name = "Change Log Retention"
description = "Enforce custom retention for automated change log entries"
scheduling_enabled = True
commit_default = True
job_timeout = 5400

def run(self, data, commit):
    nbconfig = Config()
    
    configs = [
        {
            "user": "ip-active-check",
            "retention": 7
        }
        # ,
        # {
        #     "user": "ip-discover-once",
        #     "retention": 90
        # }
    ]
    
    maxretention = nbconfig.CHANGELOG_RETENTION
    
    for config in configs:
        user = config['user']
        self.log_debug(f"User: {user}")
        interval = maxretention - config["retention"]
        days = maxretention
        loop = True
        upinterval = 0
        noup = False
        
        while (loop):
            delete = False
            cutoff = timezone.now() - timedelta(days = days - interval)
            count = ObjectChange.objects.filter(user_name = user, time__lt = cutoff).count()                    
            
            if count > 350000 and interval > 1:
                interval = ceil(interval / 2)
                
                if upinterval > interval:
                    noup = True
            elif count < 75000:
                if noup:
                    delete = True
                else:
                    interval = interval + ceil(interval / 2)
                    upinterval = interval
            else:
                delete = True
                
            if (delete):
                self.log_debug(f"Interval: {interval}")
                days = days - interval
            
                if days <= config['retention']:
                    days = config["retention"]
                    loop = False
                
                cutoff = timezone.now() - timedelta(days = days)
                res = ObjectChange.objects.filter(user_name = user, time__lt = cutoff).delete()
                
                self.log_debug(f"days: {days}")
                self.log_debug(f"deleted: {res[0]}")
                
                delete = False
                noup = False
        
        self.log_success(f"Completed retention for user {user}")

`

@deeconwastaken commented on GitHub (Aug 20, 2025): @GoepiGB wrote a custom script that we run daily to remove the changelog entries ` class ChangeLogRetention(Script): class Meta: name = "Change Log Retention" description = "Enforce custom retention for automated change log entries" scheduling_enabled = True commit_default = True job_timeout = 5400 def run(self, data, commit): nbconfig = Config() configs = [ { "user": "ip-active-check", "retention": 7 } # , # { # "user": "ip-discover-once", # "retention": 90 # } ] maxretention = nbconfig.CHANGELOG_RETENTION for config in configs: user = config['user'] self.log_debug(f"User: {user}") interval = maxretention - config["retention"] days = maxretention loop = True upinterval = 0 noup = False while (loop): delete = False cutoff = timezone.now() - timedelta(days = days - interval) count = ObjectChange.objects.filter(user_name = user, time__lt = cutoff).count() if count > 350000 and interval > 1: interval = ceil(interval / 2) if upinterval > interval: noup = True elif count < 75000: if noup: delete = True else: interval = interval + ceil(interval / 2) upinterval = interval else: delete = True if (delete): self.log_debug(f"Interval: {interval}") days = days - interval if days <= config['retention']: days = config["retention"] loop = False cutoff = timezone.now() - timedelta(days = days) res = ObjectChange.objects.filter(user_name = user, time__lt = cutoff).delete() self.log_debug(f"days: {days}") self.log_debug(f"deleted: {res[0]}") delete = False noup = False self.log_success(f"Completed retention for user {user}") `
adam commented 2025-12-29 21:46:10 +01:00
Author
Owner
Copy Link

@PPDanielWinner commented on GitHub (Aug 20, 2025):

Thanks for the suggestion! However, I would prefer if the changes that are created by my container don't appear in the changelog at all in the first place.

@PPDanielWinner commented on GitHub (Aug 20, 2025): Thanks for the suggestion! However, I would prefer if the changes that are created by my container don't appear in the changelog at all in the first place.
adam commented 2025-12-29 21:46:10 +01:00
Author
Owner
Copy Link

@DenDanskeMine commented on GitHub (Aug 20, 2025):

Agree on this idea.

Would be a wonderful feature!

@DenDanskeMine commented on GitHub (Aug 20, 2025): Agree on this idea. Would be a wonderful feature!
adam commented 2025-12-29 21:46:11 +01:00
Author
Owner
Copy Link

@jeremystretch commented on GitHub (Aug 21, 2025):

It would be beneficial to add an option that allows users to specify [...] whether the associated activities should be included in the changelog.

I'm afraid that's going to be a hard no. Preserving the integrity of the changelog is crucial, and allowing users to simply opt out of recording certain changes would defeat its purpose. It would also break e.g. branching functionality in the netbox-branching plugin and presumably numerous other integrations.

This can lead to excessive logging and confusion, particularly for users running containers or automated scripts that regularly ping IPs and update NetBox entries.

It sounds like you're using NetBox to record monitoring data rather than to model intended state, which is likely a contributor to your predicament. Even still, such changes must be recorded in the event an audit becomes necessary.

From your description, it sounds like what you really want (rather than omitting events from the changelog) is the ability to associate certain metadata with a change, and to be able to filter the changelog based on that metadata so as to omit "noisy" events. We've just established a pattern for this in NetBox v4.4 under FR #19713, which introduces the ability to record a short arbitrary message with each change. If provided, the message is recorded on the changelog record(s) which result from the change.

Presumably, you don't actually care that a change was made via an API token, but are interested in somehow designating certain changes as attributable to some long-running, high-touch process. Is that accurate? If so, I think your use case would be better served by exploring the feasibility of attaching additional metadata.

@jeremystretch commented on GitHub (Aug 21, 2025): > It would be beneficial to add an option that allows users to specify [...] whether the associated activities should be included in the changelog. I'm afraid that's going to be a hard no. Preserving the integrity of the changelog is crucial, and allowing users to simply opt out of recording certain changes would defeat its purpose. It would also break e.g. branching functionality in the netbox-branching plugin and presumably numerous other integrations. > This can lead to excessive logging and confusion, particularly for users running containers or automated scripts that regularly ping IPs and update NetBox entries. It sounds like you're using NetBox to record monitoring data rather than to model intended state, which is likely a contributor to your predicament. Even still, such changes must be recorded in the event an audit becomes necessary. From your description, it sounds like what you really want (rather than omitting events from the changelog) is the ability to associate certain metadata with a change, and to be able to filter the changelog based on that metadata so as to omit "noisy" events. We've just established a pattern for this in NetBox v4.4 under FR #19713, which introduces the ability to record a short arbitrary message with each change. If provided, the message is recorded on the changelog record(s) which result from the change. Presumably, you don't actually care that a change was made via an API token, but are interested in somehow designating certain changes as attributable to some long-running, high-touch process. Is that accurate? If so, I think your use case would be better served by exploring the feasibility of attaching additional metadata.
adam commented 2025-12-29 21:46:11 +01:00
Author
Owner
Copy Link

@mr1716 commented on GitHub (Aug 22, 2025):

@jeremystretch, there’s also a security aspect to this as well. It wouldn’t be good security to make this a default as it would hide actions, which would undermine trust in some way

@mr1716 commented on GitHub (Aug 22, 2025): @jeremystretch, there’s also a security aspect to this as well. It wouldn’t be good security to make this a default as it would hide actions, which would undermine trust in some way
adam commented 2025-12-29 21:46:11 +01:00
Author
Owner
Copy Link

@rblase2 commented on GitHub (Aug 27, 2025):

I would really like to have this feature as well. Alternatively, it would be great to have an option to manually delete logs, since I currently have around 1 million logs and it’s starting to take up a lot of space in my database.

@rblase2 commented on GitHub (Aug 27, 2025): I would really like to have this feature as well. Alternatively, it would be great to have an option to manually delete logs, since I currently have around 1 million logs and it’s starting to take up a lot of space in my database.
adam commented 2025-12-29 21:46:11 +01:00
Author
Owner
Copy Link

@tyler-8 commented on GitHub (Aug 28, 2025):

I definitely don't think this should be possible. But to sort of go with @jeremystretch 's point - perhaps instead a way to set a "default" filter for all users to exclude changelog entries based on different criteria would help. The unfiltered data is still there, and easily shown if someone wants to, but otherwise users would be given a default filter view.

@tyler-8 commented on GitHub (Aug 28, 2025): I definitely don't think this should be possible. But to sort of go with @jeremystretch 's point - perhaps instead a way to set a "default" filter for all users to exclude changelog entries based on different criteria would help. The unfiltered data is still there, and easily shown if someone wants to, but otherwise users would be given a default filter view.
adam commented 2025-12-29 21:46:12 +01:00
Author
Owner
Copy Link

@PPDanielWinner commented on GitHub (Sep 2, 2025):

Having a standard filter would be great! Since many things are changed through API requests, I would prefer to see only what has actually been changed on the website in the changelog.

@PPDanielWinner commented on GitHub (Sep 2, 2025): Having a standard filter would be great! Since many things are changed through API requests, I would prefer to see only what has actually been changed on the website in the changelog.
adam commented 2025-12-29 21:46:12 +01:00
Author
Owner
Copy Link

@deeconwastaken commented on GitHub (Sep 3, 2025):

You can build your own change log, if you apply the "__n" to negate your jinja expression: {"user_id__n": "45"}

Image
@deeconwastaken commented on GitHub (Sep 3, 2025): You can build your own change log, if you apply the "__n" to negate your jinja expression: `{"user_id__n": "45"}` <img width="530" height="682" alt="Image" src="https://github.com/user-attachments/assets/195fcab1-12b0-458c-8798-c980ed43ec2d" />
adam commented 2025-12-29 21:46:12 +01:00
Author
Owner
Copy Link

@bctiemann commented on GitHub (Sep 4, 2025):

Closing this one as Not Planned in its current form; however please consider opening another FR targeted at adding filterable metadata to the change logs.
(Similar to FR #19713)
(See also #13436)

@bctiemann commented on GitHub (Sep 4, 2025): Closing this one as Not Planned in its current form; however please consider opening another FR targeted at adding filterable metadata to the change logs. (Similar to FR #19713) (See also #13436)
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
beta
breaking change
complexity: high
complexity: low
complexity: medium
needs milestone
netbox
pending closure
plugin candidate
pull-request
Mirrored from GitHub Pull Request
 severity: high
severity: low
severity: medium
status: accepted
status: backlog
status: blocked
status: duplicate
status: needs owner
status: needs triage
status: revisions needed
status: under review
topic: GraphQL
topic: Internationalization
topic: OpenAPI
topic: UI/UX
topic: cabling
topic: event rules
topic: htmx navigation
topic: industrialization
topic: migrations
topic: plugins
topic: scripts
topic: templating
topic: testing
type: bug
type: deprecation
type: documentation
type: feature
type: housekeeping
type: translation
No Label status: under review type: feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
adam
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/netbox#11506
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?