Feature Request - Additional Control over Chocolatey logging #1384

Open
Geogboe opened this issue Aug 17, 2017 · 7 comments

@Geogboe

Geogboe commented Aug 17, 2017

Feature Request - Additional Control over Chocolatey logging

Overview

When installing a Chocolatey package there may be times when you need to control the logging behavior. Currently, some logging control has been implemented with Pass sensitive arguments to installers #948 but I'd like to submit a request for more control over logging.

What You Are Seeing?

When running choco install <application> -y verbose logs are dumped into c:\ProgramData\chocolatey\logs\chocolatey.log and c:\ProgramData\chocolatey\logs\choco.summary.log

Why does this matter?

  • In the event your install script is already logging to eventvwr or some other location, this would be an unnecessary duplication of logs
  • These logs could contain secrets

When environment variables have been set and are being utilized by Install-ChocolateyPackage or Install-ChocolateyInstallPackage (or other Chocolatey functions) and choco install <application> -y is running, those variables will be expanded and dumped into the Chocolatey logs.

Why does this matter?

  • These environment vars could contain secrets. Currently the only way to prevent this is by either calling your own installer process using Start-Process <process> -ArgumentList $secret or by using Chocolatey for Business and running choco.exe <application> --secret-param

When running chocolatey commands, all logging appears to be verbose and can't be reduced.

Why does this matter?

  • During troubleshooting it makes it more difficult to find the errors you're looking for

Possible Ideas

  1. Enable a choco.exe command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.

Example:

choco.exe install <application> -y --no-log

  2. Enable a configuration option which blocks ALL logging globally or on a source level. This option could be saved in the Chocolatey config file and either modified with choco.exe config or set during the choco source add. Applications required for security purposes could thus be better hidden.

  3. Modifications to size, retention policy, and logging directives.

For instance,

  • Require log files stay under 1mb

  • Split logs into different files for different sources to enable easier auditing

  • Require logs be deleted after 30 days.

  • This could be achieved via cmdline choco config

First feature request. Sorry in advance if this isn't the correct structure. I deleted the template blocks because they seemed to only pertain to issues.

@ferventcoder
Member

Similar to #682 and #948.

@ferventcoder
Member

ferventcoder commented Aug 23, 2017

@Geogboe

> When environment variables have been set and are being utilized by Install-ChocolateyPackage or Install-ChocolateyInstallPackage (or other Chocolatey functions) and choco install -y is running, those variables will be expanded and dumped into the Chocolatey logs.

I'm a little confused by this. We don't expand and log environment variables by default for this very reason. Where are you seeing this?

You can turn on an optional feature that would do this, but because of the security considerations that surround this, it is turned off by default. #563 - fe640fb
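
To check on a given machine whether a secret value has actually reached the log files discussed above, the following added example (not part of the issue thread and not Chocolatey's own code) scans log files for the literal values of named environment variables and reports only the file and line number, never the value. The function name `Find-EnvValueInLog`, the `DEMO_INSTALL_KEY` variable and the sample log lines are constructed for illustration.

```powershell
# Added example: look for the literal values of named environment variables
# in log files. Output names the variable, file and line, not the value.
function Find-EnvValueInLog {
    param(
        [Parameter(Mandatory)] [string[]] $Path,          # log files to scan
        [Parameter(Mandatory)] [string[]] $VariableName,  # env vars that hold secrets
        [int] $MinLength = 6                              # skip short values that match by chance
    )
    # Ignore log files that do not exist on this machine
    $existing = @($Path | Where-Object { Test-Path -LiteralPath $_ })
    if ($existing.Count -eq 0) { return }

    foreach ($name in $VariableName) {
        $value = [Environment]::GetEnvironmentVariable($name)
        if ([string]::IsNullOrEmpty($value) -or $value.Length -lt $MinLength) { continue }

        # -SimpleMatch treats the value as a literal string, not a regex
        Select-String -LiteralPath $existing -Pattern $value -SimpleMatch |
            ForEach-Object {
                [pscustomobject]@{
                    Variable   = $name
                    File       = $_.Path
                    LineNumber = $_.LineNumber
                }
            }
    }
}

# Constructed sample: a temp file standing in for chocolatey.log
$env:DEMO_INSTALL_KEY = 'constructed-secret-1234'
$sample = Join-Path ([IO.Path]::GetTempPath()) 'chocolatey.sample.log'
@(
    '2017-08-17 10:00:01,100 [INFO ] - Installing the following packages:'
    '2017-08-17 10:00:02,200 [DEBUG] - Running installer with /KEY=constructed-secret-1234'
    '2017-08-17 10:00:03,300 [INFO ] - The install was successful.'
) | Set-Content -LiteralPath $sample

# Reports one hit: DEMO_INSTALL_KEY on line 2 of the sample file
Find-EnvValueInLog -Path $sample -VariableName 'DEMO_INSTALL_KEY'

# On a real machine, point it at the two files named in the issue:
# Find-EnvValueInLog -VariableName 'MY_SECRET' -Path `
#   'C:\ProgramData\chocolatey\logs\chocolatey.log',
#   'C:\ProgramData\chocolatey\logs\choco.summary.log'
```

A hit means the value is on disk in plain text; rotating the secret and removing or restricting the affected log file are the follow-up steps.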

@ferventcoder
Member

> When running chocolatey commands, all logging appears to be verbose and can't be reduced.

We typically search the files for what you are looking for - and there are lots of tools out there that can help bubble only the relevant log items. It's easy to reduce the input through searching, but you can't get more verbose/debugging details if it is not in the logs, and many times that surrounding information is helpful, at least for us.

@ferventcoder
Member

> 1. Enable a choco.exe command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.

I like it. We can't promise this will be in the open source edition considering it's hard to see where this would be useful for an open source user, but we definitely see a use for it in commercial editions, where features like this that make sense for organizations typically end up (even if they would later trickle down to open source).

@ferventcoder
Member

> 2. Enable a configuration option which blocks ALL logging globally or on a source level. This option could be saved in the Chocolatey config file and either modified with choco.exe config or set during the choco source add. Applications required for security purposes could thus be better hidden.

Similar to the last one, definitely like this aspect.

@ferventcoder
Member

> 3. Modifications to size, retention policy, and logging directives.

This is actually already filed as #890. Please continue that aspect of the conversation over there.

@LawrenceIRL

LawrenceIRL commented Nov 1, 2017

> > Enable a choco.exe command line parameter which disables ALL logging during that run. This is similar to the command that already exists which reduces console output.

> I like it. We can't promise this will be in the open source edition considering it's hard to see where this would be useful for an open source user, but we definitely see a use for it in commercial editions, where features like this that make sense for organizations typically end up (even if they would later trickle down to open source).

+1 on this feature. I could see a use for it in our environment. I'd like to set it on a per-command basis even if I can't set it globally.
