  1. Core Server
  2. SERVER-71605

Provide option to deduplicate impersonated user and role information

    • Type: Task
    • Resolution: Unresolved
    • Priority: Major - P3
    • None
    • Affects Version/s: None
    • Component/s: None
    • Labels:
      None
    • Server Security

      Today, impersonated user information is included on slow query logs inside of the $audit object. It is present whenever a server is performing a request proxied by another server authenticated as the __system user. This includes both the impersonated username and its roles, which can be arbitrarily large. In at least one case, this has caused very large logs since the impersonated user had many roles sourced from LDAP group membership, eventually causing the log file to become too large.

      To mitigate this, we can consider introducing some kind of option to either filter impersonated users/roles entirely from the logs or deduplicate just the roles from the usernames.

            Assignee:
            backlog-server-security [DO NOT USE] Backlog - Security Team
            Reporter:
            varun.ravichandran@mongodb.com Varun Ravichandran
            Votes:
            0
            Watchers:
            4

              Created:
              Updated:
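
Added example, not part of the ticket or MongoDB's own code: a log post-processor that approximates the "deduplicate just the roles" mitigation outside the server by replacing the role list inside `$audit` with a count and a stable digest, and reporting the bytes saved per line. It assumes structured JSON log lines in which `$audit` carries the roles under `$impersonatedRoles` as `{role, db}` objects and the users under `$impersonatedUsers`; the `rolesSummary` key and the sample entry are constructed for illustration.

```python
import hashlib
import json

ROLES_KEY = "$impersonatedRoles"  # assumed field name inside $audit

def compact_audit(node):
    """Recursively replace the role list inside any $audit object with a summary."""
    if isinstance(node, dict):
        out = {}
        for key, value in node.items():
            if key == "$audit" and isinstance(value, dict) and isinstance(value.get(ROLES_KEY), list):
                value = dict(value)
                roles = value.pop(ROLES_KEY)
                # Deduplicate and sort so the same role set always yields the same digest.
                canon = sorted({(r.get("db", ""), r.get("role", "")) for r in roles})
                digest = hashlib.sha256(json.dumps(canon).encode()).hexdigest()[:16]
                value["rolesSummary"] = {"count": len(canon), "sha256_16": digest}  # hypothetical key
                out[key] = value
            else:
                out[key] = compact_audit(value)
        return out
    if isinstance(node, list):
        return [compact_audit(v) for v in node]
    return node

def compact_line(line):
    """Return (compacted_line, bytes_saved); non-JSON lines pass through unchanged."""
    try:
        doc = json.loads(line)
    except ValueError:
        return line, 0
    slim = json.dumps(compact_audit(doc), separators=(",", ":"))
    return slim, len(line.encode()) - len(slim.encode())

def make_sample(n_roles):
    """Constructed slow-query entry with n_roles LDAP-style roles (not real log data)."""
    roles = [{"role": f"cn=group{i},ou=groups,dc=example,dc=com", "db": "admin"} for i in range(n_roles)]
    return json.dumps({"c": "COMMAND", "msg": "Slow query", "attr": {"command": {
        "find": "orders", "$audit": {"$impersonatedUsers": [{"user": "alice", "db": "$external"}],
                                     ROLES_KEY: roles}}, "durationMillis": 412}},
        separators=(",", ":"))

if __name__ == "__main__":
    line = make_sample(500)
    slim, saved = compact_line(line)
    print(f"{len(line)} -> {len(slim)} bytes, saved {saved}")
```

The digest lets an operator correlate log entries that share a role set without carrying the full list on every line; the impersonated username is left intact.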