Settings
Overview
The Settings page allows administrators to configure system-wide options including data retention, performance parameters, and logging levels.
Navigation
Menu: System > Settings
Page Layout
A single card with centered content (max-width 800px) containing:
| Control | Location | Description |
|---|---|---|
| Reload | Card header | Reload settings from server |
| Save All | Card header | Save all modified settings |
| Form | Card body | Settings form with sections |
The Save All button is disabled until changes are made.
Configuration Sections
Data Retention
Controls how long data is kept in the system.
| Setting | Field | Range | Description |
|---|---|---|---|
| Retention Days | retention_days | 7-365 | Days to keep soft-deleted records |
| Audit Retention Days | audit_retention_days | 7-365 | Days to keep audit logs |
Retention Days: When records are deleted, they are soft-deleted first. After this many days, they are permanently purged from the database.
Audit Retention Days: Audit log entries older than this period can be cleaned up using the Cleanup button on the Audit Logs page.
Performance
Controls system performance and resource usage.
| Setting | Field | Range | Description |
|---|---|---|---|
| Rate Limit (req/sec) | rate_limit_per_second | 10-1000 | Maximum API requests per second per client |
| Worker Concurrency | worker_concurrency | 1-50 | Number of parallel jobs the worker processes |
| Auto-refresh Interval | auto_refresh_interval | 5-60 | Seconds between UI auto-refresh |
Rate Limit: Protects the API from overload. Clients exceeding this limit receive HTTP 429 (Too Many Requests) errors. Higher values allow more throughput but may strain server resources.
Worker Concurrency: Higher values process more jobs simultaneously but use more CPU and memory. Set based on server capacity and typical workload.
Auto-refresh Interval: How often the UI automatically updates when viewing active scans or jobs. Lower values provide more real-time updates but increase API load.
Logging
Controls application logging behavior.
| Setting | Field | Range | Description |
|---|---|---|---|
| Log Level | log_level | Select | Application logging verbosity |
| Max Upload Size (MB) | max_upload_size_mb | 1-100 | Maximum file size for uploads |
Log Level Options:
| Level | Description | Use Case |
|---|---|---|
| debug | Verbose output including detailed diagnostics | Troubleshooting |
| info | Normal operational messages | Production |
| warn | Warning conditions that may need attention | Reduced noise |
| error | Error conditions only | Minimal logging |
Max Upload Size: Limits the size of uploaded files such as SSH private keys.
Known Issues
The Known Issues section allows you to exclude specific CIS rules from compliance score calculation and remediation scripts.
Why Use Known Issues
- False positives: Rules that always fail due to environment specifics
- Non-applicable rules: Rules not relevant to your infrastructure
- Accepted risks: Rules intentionally not implemented for business reasons
- Temporary exclusions: Rules requiring remediation later
Known Issues Table
| Column | Description |
|---|---|
| Rule ID | CIS rule identifier pattern (supports * for wildcard) |
| Description | Reason for adding to the list |
| Enabled | Toggle to activate/deactivate |
| Actions | Delete button |
Adding a Known Issue
- Click Add Known Issue
- Fill in the fields:
  - Rule ID: Exact ID or pattern with wildcard (e.g., xccdf_org.ssgproject.*audit*)
  - Description: Explanation of why the rule is excluded
- Click Add
Wildcard Patterns
The * character is supported for partial ID matching:
| Pattern | Matches |
|---|---|
| xccdf_org.ssgproject.content_rule_audit_* | All audit rules |
| *_partition_* | All partition rules |
| xccdf_org.ssgproject.content_rule_file_* | All file rules |
System Impact
When a rule is in the known issues list:
- Adjusted Score: Compliance score is recalculated without excluded rules
- Remediation Scripts: Excluded rules are not included in generated Ansible playbooks
- Display: The remediation jobs table shows:
  - Rules to fix: X (actual count)
  - Excluded (Known Issues): Y
Example Usage
If audit rules systematically fail due to your environment:
- Add pattern *audit* with description “Audit rules not applicable in containerized environment”
- Enable the toggle
- Compliance score will be adjusted
- Remediation scripts will not include audit rules
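The wildcard matching and score adjustment described above can be previewed offline before a pattern is enabled. The following is an added example, not the product's own code: the anchored, case-sensitive matching, the pass/(pass+fail) score formula, the function names and the sample scan results are all assumptions made for illustration.

```python
import re

def pattern_to_regex(pattern):
    # Only '*' is a wildcard; every other character (including '.') is literal.
    # Assumption: the pattern must cover the whole rule ID, case-sensitively.
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")))

def matching_pattern(rule_id, known_issues):
    """Return the first enabled pattern that matches rule_id, else None."""
    for issue in known_issues:
        if issue["enabled"] and pattern_to_regex(issue["rule_id"]).fullmatch(rule_id):
            return issue["rule_id"]
    return None

def percent_passed(results):
    if not results:
        return 0.0
    return round(100.0 * sum(r == "pass" for r in results.values()) / len(results), 1)

def adjusted_score(results, known_issues):
    """Return (raw score, adjusted score, {excluded rule ID: pattern})."""
    excluded = {}
    for rule_id in results:
        pattern = matching_pattern(rule_id, known_issues)
        if pattern is not None:
            excluded[rule_id] = pattern
    kept = {rid: r for rid, r in results.items() if rid not in excluded}
    return percent_passed(results), percent_passed(kept), excluded

# Constructed sample scan results (not output from a real scan).
PREFIX = "xccdf_org.ssgproject.content_rule_"
RESULTS = {
    PREFIX + "audit_rules_login_events": "fail",
    PREFIX + "audit_rules_time_adjtimex": "fail",
    PREFIX + "service_auditd_enabled": "fail",
    PREFIX + "partition_for_tmp": "pass",
    PREFIX + "file_permissions_etc_passwd": "pass",
    PREFIX + "sshd_disable_root_login": "fail",
}

if __name__ == "__main__":
    for pat in ("*audit*", PREFIX + "audit_*"):
        issues = [{"rule_id": pat, "enabled": True}]
        raw, adjusted, excluded = adjusted_score(RESULTS, issues)
        print(f"{pat}: raw {raw}%, adjusted {adjusted}%, excluded {len(excluded)}")
        for rule_id in sorted(excluded):
            print("  excluded:", rule_id)
```

On this sample, the broad pattern *audit* also excludes the auditd service rule, while the prefix pattern excludes only the two audit_rules entries, so the adjusted score differs between the two.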
Saving Settings
Settings are modified locally until explicitly saved:
- Modify desired settings using the form controls
- The Save All button becomes enabled
- Click the Save All button
- Each setting is saved to the server
- Success message shows count of saved settings
- Settings take effect immediately (some may require service restart)
Reloading Settings
Click the Reload button to:
- Discard any unsaved changes
- Fetch current values from server
- Reset the form to server state
Theme and Language
Theme Toggle
The theme toggle is available in the main navigation:
- Click the theme icon in the navigation bar
- Switch between light and dark mode
- Preference is saved in browser local storage
- Persists across sessions
Language Selector
- Click the language dropdown (EN/RU) in the navigation bar
- Select preferred language
- Interface updates immediately
- Preference is saved in local storage
Best Practices
Data Retention
- Set retention based on compliance requirements (PCI-DSS, HIPAA, GDPR)
- Longer retention uses more database storage
- Consider legal/regulatory requirements for your industry
- Audit retention typically should be longer (90+ days)
Performance Tuning
| Workload | Rate Limit | Worker Concurrency |
|---|---|---|
| Light (<100 hosts) | 100 | 3-5 |
| Medium (100-500 hosts) | 200 | 5-10 |
| Heavy (>500 hosts) | 500+ | 10-20 |
Recommendations:
- Increase worker concurrency for faster job processing
- Decrease if system shows high CPU/memory usage
- Monitor queue depth on Jobs page
- Balance throughput vs resource usage
Logging
- Use debug only for troubleshooting specific issues
- Use info for normal production operations
- Use warn or error to reduce log volume
- Ensure log rotation is configured at OS level
Regular Review
- Review settings quarterly or after infrastructure changes
- Adjust based on observed usage patterns
- Monitor system performance metrics
- Update retention before compliance audits
Troubleshooting
Settings Not Saving
- Check network connection (browser dev tools)
- Verify user has admin permissions
- Check browser console for JavaScript errors
- Try refreshing the page
- Verify API server is accessible
Rate Limit Issues
If users are being rate limited (HTTP 429 errors):
- Check current rate limit setting
- Increase rate limit temporarily
- Review client behavior for excessive requests
- Check for automated scripts or misconfigured tools
- Consider implementing client-side request throttling
Worker Performance
If jobs are slow or backing up:
- Check current worker concurrency setting
- Increase concurrency if server has capacity
- Check server resources (CPU, RAM) for bottlenecks
- Review job queue depth on Jobs page
- Check for failed jobs that may need investigation
- Verify network connectivity to managed hosts
Logging Issues
If logs are too verbose or consuming disk space:
- Set log level to warn or error
- Verify log rotation is configured (logrotate)
- Monitor disk space
- Consider centralized logging (syslog, Loki)
- Archive old logs before deletion
API Reference
Settings can also be managed via API:
Get all settings:
GET /api/v1/settings
Update a setting:
PUT /api/v1/settings/{key}
Content-Type: application/json

{"value": "new_value"}
Known Issues:
GET /api/v1/known-issues
POST /api/v1/known-issues
DELETE /api/v1/known-issues/{id}
POST /api/v1/known-issues/{id}/toggle
Related Pages
- Audit Logs - Uses audit_retention_days setting
- Jobs - Uses worker_concurrency setting
- Compliance Scanning - Uses auto_refresh_interval setting