Conversation
Added a new metric for total coordinator dispatch time in ms. Co-authored-by: Rachel Elledge <86307637+rrelledge@users.noreply.github.com>
…g with new API examples
|
|
|
|
||
| | Port | Process name | Usage | | ||
| |------|--------------|-------| | ||
| | 3357 | reconciliation_tree_grpc | Internal communication | |
There was a problem hiding this comment.
Duplicate port 3357 table
Low Severity
The reserved-ports section lists port 3357 (reconciliation_tree_grpc) twice in back-to-back identical markdown tables, which reads like an accidental copy-paste in new 8.2.x release notes.
Reviewed by Cursor Bugbot for commit 462c3aa. Configure here.
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes using default effort and found 1 potential issue.
There are 2 total unresolved issues (including 1 from previous review).
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, have a team admin enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit d5c60c2. Configure here.
|
|
||
| - _audit\_reconnect\_max\_attempts_ defines the maximum number of attempts to reconnect. Default is 0. (infinite) | ||
| - _audit\_reconnect\_max\_attempts_ sets the maximum number of reconnection attempts. Default is 0 (infinite). | ||
|
|
There was a problem hiding this comment.
Missing a description for the "audit_queue_max_bytes" field:
Maximum amount of audit data that can wait in the outgoing audit queue. When the queue has no remaining capacity, new audit records can be dropped.
| {{< /multitabs >}} | ||
|
|
||
| - _audit\_address_ defines the TCP/IP address where one can listen for notifications | ||
| - _audit\_protocol_ sets the protocol used to send notifications. For production systems, _TCP_ is the only supported value. |
There was a problem hiding this comment.
Add "Use local only for development and testing"
| Auditing is turned off by default for performance reasons. It runs asynchronously in the background and is non-blocking: the action that triggered a notification continues regardless of the notification's status or the listener's availability. | ||
|
|
||
| ## Enable audit notifications | ||
| Redis Software always favors database availability over audit completeness. If auditing fails—for example, because an internal buffer overflows or the audit destination is unreachable—database operations continue uninterrupted. Audit buffers are size-limited to prevent memory exhaustion, and dropped records are reported through the [auditing metrics](#monitor-auditing-metrics). |
There was a problem hiding this comment.
Add: "Successfully sending a record to the configured endpoint does not guarantee that the downstream consumer received, stored, or processed it."
| {{< /multitabs >}} | ||
|
|
||
| The socket file and path must be accessible by the user and group running Redis Software. | ||
|
|
There was a problem hiding this comment.
Add a section for "Audit modes":
Auditing is configured independently for each database with audit_settings.audit_mode.
Maybe add a 2-column table for "value" and "Description":
disabled: Disables connection, authentication, and command audit records for the database. This is the default mode.
connection: Audits database connection, disconnection, and authentication events only.
connection_and_crud: Audits connection and authentication events and individual database commands.
Command auditing cannot be enabled without connection auditing. The connection_and_crud mode always includes the connection and authentication events generated by connection mode.
| | `10` | The command failed. The `error` field contains the returned error message. | | ||
|
|
||
| ## Monitor auditing metrics | ||
|
|
There was a problem hiding this comment.
Let's incorporate the below content in the metrics section (or any other location you think is better...):
Audit delivery during sink interruptions
If the audit destination becomes unavailable, Redis Software continues serving database traffic and attempts to reconnect according to audit_reconnect_interval and audit_reconnect_max_attempts.
Audit records can wait in the outgoing audit queue while delivery is unavailable. The amount of queued data is limited by audit_queue_max_bytes. Redis Software can discard audit records in the following situations:
- The outgoing queue has reached its configured capacity.
- A single audit record exceeds the supported queue or record-size limit.
- No active connection to the audit destination is available when the record must be delivered.
- An attempt to send the record fails.
- Queuing is disabled or unavailable.
Audit delivery is best effort. Database operations are not delayed or rejected because audit records cannot be delivered.
Use the following metrics to identify delivery problems:
- audit_sink_pending_bytes indicates how much audit data is currently waiting to be sent.
- audit_sink_dropped_messages and audit_sink_dropped_bytes indicate total audit data discarded before delivery.
- audit_sink_dropped_queue_full_messages indicates that the outgoing queue did not have enough capacity.
- audit_sink_dropped_record_too_large_messages indicates that an individual audit record exceeded the permitted size.
- audit_sink_reconnect_attempts_exhausted indicates that the configured reconnect-attempt limit was reached.
| {{</note>}} | ||
|
|
||
| When a tracked event occurs, Redis Software sends a notification over TCP to the address and port you configure when you enable auditing. Notifications arrive in near real time for an external listener to consume, such as a TCP listener, third-party service, or related utility. | ||
|
|
There was a problem hiding this comment.
State the tool-agnostic integration model explicitly. The page lists example listeners, but does not clearly say that Redis Software does not require or enforce any particular SIEM/DAM vendor.
| | active_defrag_threshold_upper | integer, (range: 0-1000) (default: 100); Maximum percentage of fragmentation at which maximum effort is used | | ||
| | activedefrag | Enable or turn off active defragmentation functionality.<br />Values:<br />'yes'<br />**'no'** | | ||
| | aof_policy | Policy for Append-Only File data persistence<br />Values:<br />**'appendfsync-every-sec'** <br />'appendfsync-always' | | ||
| | audit_settings | [complex object](https://redis.io/docs/latest/operate/rs/references/rest-api/objects/bdb/audit_settings/); Configures per-database connection and CRUD auditing mode, username/source-IP filtering, and key-byte capture limits. See [Audit database events](https://redis.io/docs/latest/operate/rs/security/audit-events/). | |
There was a problem hiding this comment.
the "audit_settings" link returns 404...
yoavredis
left a comment
There was a problem hiding this comment.
@kaitlynmichael I've added comments for auditing, 10x


These are drafts and this PR is still a work in progress.
Note
Low Risk
Documentation-only changes with no runtime impact; reviewers should verify draft/TBA sections and breaking-change wording against the final 8.2 GA build.
Overview
Draft documentation for Redis Software 8.2 (July 2026), including new release-note pages and updates to lifecycle, upgrade, platform, and bundled Redis DB reference embeds.
8.2.0 highlights documented in release notes: database-scoped
db_member/db_viewerroles via a newresourcesfield on roles; data-path CRUD auditing throughaudit_settings(replacing deprecateddb_conns_auditing); FIPS 140-3 on RHEL 9; plus breaking changes (restricted local imports, write-onlysmtp_password, custom module upload off by default) and assorted enhancements.API and operations docs add the
audit_settingsREST object, expand audit-events for command auditing, filters, validation errors, andaudit_sink_*metrics, document roleresourcesin access-control guides, and clarify database availability (bdb_unavailable_*error suffixes and endpoint criteria). Prometheus v2 gainsredis_server_search_total_coord_dispatch_time_ms. Supported-platform tables add an 8.2 column and reflect Amazon Linux 2 no longer supported on 8.2 (AL2023 on 8.2).Reviewed by Cursor Bugbot for commit 8215bbd. Bugbot is set up for automated code reviews on this repo. Configure here.