WAL failover log config needs auditable: false

[rmloveland]

Fixes DOC-13861

[github-actions]

Files changed:

• src/current/_includes/v24.1/wal-failover-log-config.md:
• src/current/v24.1/wal-failover.md
• src/current/v24.1/cockroach-start.md
• src/current/_includes/v24.3/wal-failover-log-config.md:
• src/current/v24.3/wal-failover.md
• src/current/v24.3/cockroach-start.md
• src/current/_includes/v25.1/wal-failover-log-config.md:
• src/current/v25.1/wal-failover.md
• src/current/v25.1/cockroach-start.md
• src/current/_includes/v25.2/wal-failover-log-config.md:
• src/current/v25.2/wal-failover.md
• src/current/v25.2/cockroach-start.md
• src/current/_includes/v25.3/wal-failover-log-config.md:
• src/current/v25.3/wal-failover.md
• src/current/v25.3/cockroach-start.md

[netlify]

✅ Deploy Preview for cockroachdb-interactivetutorials-docs canceled.

Name	Link
🔨 Latest commit	f65733e
🔍 Latest deploy log	https://app.netlify.com/projects/cockroachdb-interactivetutorials-docs/deploys/684c6006cecf4b0008dab1aa

[netlify]

✅ Deploy Preview for cockroachdb-api-docs canceled.

Name	Link
🔨 Latest commit	f65733e
🔍 Latest deploy log	https://app.netlify.com/projects/cockroachdb-api-docs/deploys/684c6006ccaac500083ab29d

[rmloveland]

via the linked issue DOC-13861, if the user doesn't have auditable: false they get the following error:

+file group "sql-auth": File-based audit logging cannot coexist with buffering configuration. Disable either the buffering configuration ("buffering") or auditable log ("auditable") configuration.

[netlify]

✅ Netlify Preview

Name	Link
🔨 Latest commit	f65733e
🔍 Latest deploy log	https://app.netlify.com/projects/cockroachdb-docs/deploys/684c6006cb31e00008c1a46c
😎 Deploy Preview	https://deploy-preview-19719--cockroachdb-docs.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[lin-crl]

@rmloveland

Just want to let you know the default logging have auditable on for the following three channels. In implementation, we needed to turn them off. Not sure how you'd like to handle it in the documentation for WAL.
Otherwise it LGTM

    security:
      channels: [PRIVILEGES, USER_ADMIN]
      auditable: true
    sql-audit:
      channels: [SENSITIVE_ACCESS]
      auditable: true
    sql-auth:
      channels: [SESSIONS]
      auditable: true

[jbowens]

Just want to let you know the default logging have auditable on for the following three channels. In implementation, we needed to turn them off. Not sure how you'd like to handle it in the documentation for WAL.
Otherwise it LGTM

Do we know why we suggest that default? It seems ill-advised. auditable:true is generally bad for resiliency to latency.

[rmloveland]

Just want to let you know the default logging have auditable on for the following three channels. In implementation, we needed to turn them off.

ack!

Do we know why we suggest that default? It seems ill-advised. auditable:true is generally bad for resiliency to latency.

idk why - It was done in a 4 year old PR: #11818, specifically this commit by the engineer who I think was working on the logging at that time.

Not sure how you'd like to handle it in the documentation for WAL.

I'd rather not do the other changes to the default logging config in this PR

I filed a docs issue (DOC-13963) to investigate and remove the auditable: true so we can make sure it gets some additional vetting by whatever team is the logging owner now