Skip to content

Configure Maximum Payload Size for Audit Server

The maximum allowable payload size of data sent to the Audit Server is configurable using the steps below:

  1. SSH into the instance where Privacera Manager is installed and navigate to the privacera-manager directory.

  2. Run the following command to copy the sample vars. The -n flag ensures that the file is not overwritten if it already exists.

    Bash
    cp -n config/sample-vars/vars.auditserver.yml config/custom-vars/
    

  3. Run the following command to open the .yml file for editing:

    Bash
    vi config/custom-vars/vars.auditserver.yml
    

  4. Add or update the following properties:

    YAML
    # Maximum inbound payload size for the Audit Server (in MB).
    AUDITSERVER_MAX_CONTENT_LENGTH_MB: "100"
    
    # Ranger FileSpool per-file size cap as a percentage of AUDITSERVER_MAX_CONTENT_LENGTH.
    # A ~30% buffer prevents a rolled-up spool file from being sent as a single HTTP batch
    # that exceeds the audit server's inbound size limit and is rejected with HTTP 413.
    AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_PERCENT: "70"
    
    # Computed Ranger FileSpool max file size in bytes.
    # Defaults to AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_PERCENT % of AUDITSERVER_MAX_CONTENT_LENGTH.
    # Override with a static byte value to bypass the percent formula entirely
    # (for example, "52428800" for a fixed 50 MB).
    AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_BYTES: "{{ (AUDITSERVER_MAX_CONTENT_LENGTH | int * AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_PERCENT | int / 100) | int }}"
    

  5. Save the file and restart the service by following these steps:

    Bash
    1
    2
    3
    cd ~/privacera/privacera-manager
    ./privacera-manager.sh setup
    ./pm_with_helm.sh upgrade 
    

Tip

  • The default maximum payload size is 100 MB. Adjust AUDITSERVER_MAX_CONTENT_LENGTH_MB as needed.
  • AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_PERCENT controls what fraction of the inbound limit is used as the per-file spool cap. The default of 70% leaves a buffer so that no single spool file exceeds the server limit.
  • To set an absolute cap instead of a percentage, override AUDITSERVER_RANGER_FILESPOOL_MAX_SIZE_BYTES directly with a static byte value.
  • If Fluentd is configured, ensure that the following properties are updated accordingly:
    • AUDIT_FLUENTD_BODY_SIZE_LIMIT_MB
    • AUDIT_FLUENTD_S3_FILE_SIZE (destination specific)

Refer Fluentd Payload and Buffer Configuration for more details.