Bug #25482

Excessive logging of OpenScap report via Rails

Added by Lukas Zapletal about 4 years ago. Updated almost 4 years ago.

Ready For Testing
Target version:
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:


Cloned from

Hey, it looks like in 6.4 Rails log excessive amount of JSON for one of the OpenScap endpoints:

2018-11-14T12:39:25 [I|app|ca221]   Parameters: {"logs"=>[{"source"=>"xccdf_org.ssgproject.content_rule_partition_for_tmp", "result"=>"pass", "title"=>"Ensure /tmp Located On Separate Partition", "description"=>"\nThe /tmp directory is a world-writable directory used\nfor temporary file storage. Ensure it has its own partition or\nlogical volume at installation time, or migrate it using LVM.\n", "rationale"=>"\nThe /tmp partition is used as temporary storage by many programs.\nPlacing /tmp in its own partition enables the setting of more\nrestrictive mount options, which can help protect programs which use it.\n", "references"=>[{"title"=>"SC-32(1)", "href"=>"", "html_link"=>"<a href=''>SC-32(1)</a>"}, ...

Rails unfortunately doesn't provide a way to turn off logging of "Parameters" via INFO logging line. I've attempted to create patch in upstream Rails, but the community seems to be very opinionated about this:

It provides a simple "filtering" mechanism for keys (e.g. passwords) and Katello plugin has a workaround to avoid logging of some larger requests:

app.config.filter_parameters += [:_json] #package profile parameter

But this approach cannot be done for OpenSCAP as it does not have a common root JSON element and we'd need to add filters for generic fields like "logs" or "name" etc.

I think I am able to create a small patch and override Rails to send all Parameters lines into debug level.

Related issues

Related to OpenSCAP - Bug #21127: Scap content file is printed into logsClosed


#1 Updated by The Foreman Bot about 4 years ago

  • Assignee set to Lukas Zapletal
  • Status changed from New to Ready For Testing
  • Pull request added

#2 Updated by Lukas Zapletal about 4 years ago

  • Related to Bug #21127: Scap content file is printed into logs added

Also available in: Atom PDF