Project

General

Profile

Bug #25482

Excessive logging of OpenScap report via Rails

Added by Lukas Zapletal about 4 years ago. Updated almost 4 years ago.

Status:
Ready For Testing
Priority:
High
Category:
Logging
Target version:
-
Difficulty:
Triaged:
No
Bugzilla link:
Fixed in Releases:
Found in Releases:
Red Hat JIRA:

Description

Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1650543

Hey, it looks like in 6.4 Rails log excessive amount of JSON for one of the OpenScap endpoints:

2018-11-14T12:39:25 [I|app|ca221]   Parameters: {"logs"=>[{"source"=>"xccdf_org.ssgproject.content_rule_partition_for_tmp", "result"=>"pass", "title"=>"Ensure /tmp Located On Separate Partition", "description"=>"\nThe /tmp directory is a world-writable directory used\nfor temporary file storage. Ensure it has its own partition or\nlogical volume at installation time, or migrate it using LVM.\n", "rationale"=>"\nThe /tmp partition is used as temporary storage by many programs.\nPlacing /tmp in its own partition enables the setting of more\nrestrictive mount options, which can help protect programs which use it.\n", "references"=>[{"title"=>"SC-32(1)", "href"=>"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf", "html_link"=>"<a href='http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf'>SC-32(1)</a>"}, ...
...continues...

Rails unfortunately doesn't provide a way to turn off logging of "Parameters" via INFO logging line. I've attempted to create patch in upstream Rails, but the community seems to be very opinionated about this: https://github.com/rails/rails/pull/26025

It provides a simple "filtering" mechanism for keys (e.g. passwords) and Katello plugin has a workaround to avoid logging of some larger requests:

app.config.filter_parameters += [:_json] #package profile parameter

But this approach cannot be done for OpenSCAP as it does not have a common root JSON element and we'd need to add filters for generic fields like "logs" or "name" etc.

I think I am able to create a small patch and override Rails to send all Parameters lines into debug level.


Related issues

Related to OpenSCAP - Bug #21127: Scap content file is printed into logsClosed

History

#1 Updated by The Foreman Bot about 4 years ago

  • Assignee set to Lukas Zapletal
  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/foreman/pull/6252 added

#2 Updated by Lukas Zapletal about 4 years ago

  • Related to Bug #21127: Scap content file is printed into logs added

Also available in: Atom PDF