diff --git a/docs/apis.md b/docs/apis.md
index b171e179..f917b90f 100644
--- a/docs/apis.md
+++ b/docs/apis.md
@@ -17,7 +17,7 @@ It also has APIs to monitor Fabric Console activity.
- Get imported peer/ca/orderer data
- Remove imported peer/ca/orderer
- Get all imported components
-- Get console settings
+- Get/edit console settings
- Get console notifications (activity events, such as user login)
- Get signature collection details
- Create/Get/Delete console API keys
diff --git a/packages/athena/.nsprc b/packages/athena/.nsprc
index e55b96e2..d86ca2b6 100644
--- a/packages/athena/.nsprc
+++ b/packages/athena/.nsprc
@@ -2,5 +2,9 @@
"1091459": {
"active": true,
"notes": "Ignored since we don't use ssrf-req-filter"
+ },
+ "1091725": {
+ "active": true,
+ "notes": "same as 1091459"
}
}
diff --git a/packages/athena/docs/_event_tracking_notes.md b/packages/athena/docs/_event_tracking_notes.md
index a2fd724a..c452e336 100644
--- a/packages/athena/docs/_event_tracking_notes.md
+++ b/packages/athena/docs/_event_tracking_notes.md
@@ -48,8 +48,7 @@ The console still has code related to segment, but no segment events are sent/re
Events are triggered from http requests to the Console (not all requests, see below).
The events are written to the file `audit.log` in the [./packages/athena/logs/](../logs) folder, the setting `activity_tracker_filename` can be used to change the filename.
-See the [configuration options](../env/README.md#default) readme for more setting details.
-The log file is rotated by athena's winston lib once it reaches 2MB, up to 5 files.
+The log files are rotated once it reaches 2MB, up to 5 files by the [winston npm logging module](https://www.npmjs.com/package/winston).
Meaning if 6MB of logging was generated, you would see the 3 files each with 2MB of data, named: `audit.log`, `audit1.log` and `audit2.log`.
Note that since the logging is using the pod's filesystem all activity logs are wiped/reset when a pod restarts.
@@ -59,6 +58,16 @@ You can easily see if activity tracker is enabled by finding the server side log
- `[event tracker] enabled logging for activity tracker`
- `[event tracker] disabled logging for activity tracker`
+**How to turn it on/off:**
+
+The setting `activity_tracker_filename` will control if these audit/tracker logs are enabled or not.
+If this setting is `null` it is disabled.
+Otherwise this setting holds the name of the first file to use.
+
+This setting can be set like any other console configuration setting.
+You can use an api, edit your [config file](../env/README.md#config), or change the setting in the database directly.
+See the [configuration options](../env/README.md#how-to-change-a-setting) readme for general console setting details.
+
**What is tracked:**
In an effort to not overwhelm the logs, only "important" events are added to the log.
diff --git a/packages/athena/docs/other_apis.md b/packages/athena/docs/other_apis.md
index 53dbc0cc..941e8fe9 100644
--- a/packages/athena/docs/other_apis.md
+++ b/packages/athena/docs/other_apis.md
@@ -231,11 +231,11 @@ See private OpTools settings.
## 6. Edit a single field in the settings doc
Edit any settings doc field.
Use with caution.
-You may need to restart the server for some fields to take effect (logging).
+You may need to restart the server for some fields to take effect (like logging).
**Check out api #7 (below) before using this one.** It has input validation.
- **Method**: PUT
-- **Route**: `/api/v[123]/settings/key` (legacy route: `/api/v[123]/authscheme/key`)
+- **Route**: `/ak/api/v[123]/settings/key` (legacy route: `/api/v[123]/authscheme/key`)
- **Auth**: need `blockchain.optools.settings` action
- **Body**:
```js
diff --git a/packages/athena/env/README.md b/packages/athena/env/README.md
index 22126ced..9f9e9e55 100644
--- a/packages/athena/env/README.md
+++ b/packages/athena/env/README.md
@@ -1,9 +1,19 @@
# Configuration Options
-There are 4 places where athena will pick up settings. In order of hierarchy:
+There are a few places where athena will pick up settings. In order of hierarchy:
1. [Environment Variable File](#env) - JSON file that will load all keys as env variables on startup. Not required if env variables are already set.
-1. Environment Variables - Existing env variables will override the config file & default settings file.
+1. Environment Variables - Existing env variables will override the config file & settings file.
1. [Configuration File](#config) - YAML/JSON file will overwrite default settings. Not required if default settings are fine.
-1. [Default Settings File](#default) - Internal JSON file for default values. Users should not modify this file. Changes to defaults can be accomplished with the configuration file.
+1. Settings Doc - The system database has a couchdb doc called `00_settings_athena`. This doc holds the active settings that control the console. While possible, it's not intended for users of the console to edit this doc directly. The configuration file should be used instead.
+1. [Default Settings File](#default) - Internal JSON file for default values. Users should not modify this file. Changes to active settings should be accomplished with the configuration file. This file is only read on startup to get a default value for each setting.
+
+# How to change a setting?
+
+The best way to change a console setting is to change or provide a [Configuration File](#config).
+This file is read on startup, and it will override default and current setting values.
+
+The second best way is to use the [change-console-setting-API-#6](../docs/other_apis.md).
+Like any other console API, the appropriate auth must be created.
+See our [basic API instructions](../docs/permission_apis.md#console-route-differences) and the section on [creating an API key](../docs/permission_apis.md#1-create-an-api-key).
@@ -12,7 +22,7 @@ There are 4 places where athena will pick up settings. In order of hierarchy:
When deploying athena an environmental JSON file should live in this folder `./en/dev.json`.
*If these env variables are already set by some other means then this file can be omitted.*
This file has the minimum settings to reach couch db.
-Once athena reaches couch db it will load the rest of the settings via the default settings doc `00_settings_athena` doc or the config yaml.
+Once athena reaches couch db it will load the rest of the settings by reading the settings doc `00_settings_athena` doc in the system database and then it will read/apply the [configuration yaml](#config) file (if present).
**The file dne**, it must be created if the required fields are not already set.
@@ -115,12 +125,12 @@ __Example:__
# Configuration File
-This YAML/JSON file will **overwrite any variable** in the default settings doc.
+This YAML/JSON file will **overwrite any variable** in the settings doc.
On startup this file will be checked against the settings doc in the databases.
Any missing fields will be populated, and any fields with a different value will be replaced.
-Note to devs: Add variables to this file when the end user will not be able to change it via the UI.
-Because during restarts the value in these fields will replace any writes to the settings doc.
+Note: Only add variables to this file when the end user should *not* be able to change it via the UI.
+This is because the APIs that the UI uses can only edit the settings doc, the config file is never edited by the UI, and so everytime the console restarts... the active settings will reload to reflect values in the config file.
**The config file to use can be set with the env variable `CONFIGURE_FILE`.** If not set or empty, no file will be loaded.
@@ -223,10 +233,11 @@ __default_settings_doc.json:__
}
},
-// initial filename for the Activity Tracker event files
-// if null activity tracker is disabled
-// files will rotated by winston
+// the base filename for the Activity Tracker event files (aka audit logs)
+// if null events will not be logged/tracked
// defaults 'audit.log'
+// files are always written to the folder ./packages/athena/logs/
+// see doc in ./packages/athena/docs/_event_tracking_notes.md for more information
"activity_tracker_filename": 'audit.log'
// email address on the UI to surface to users for help