Bug #25482
openExcessive logging of OpenScap report via Rails
Description
Cloned from https://bugzilla.redhat.com/show_bug.cgi?id=1650543
Hey, it looks like in 6.4 Rails log excessive amount of JSON for one of the OpenScap endpoints:
2018-11-14T12:39:25 [I|app|ca221] Parameters: {"logs"=>[{"source"=>"xccdf_org.ssgproject.content_rule_partition_for_tmp", "result"=>"pass", "title"=>"Ensure /tmp Located On Separate Partition", "description"=>"\nThe /tmp directory is a world-writable directory used\nfor temporary file storage. Ensure it has its own partition or\nlogical volume at installation time, or migrate it using LVM.\n", "rationale"=>"\nThe /tmp partition is used as temporary storage by many programs.\nPlacing /tmp in its own partition enables the setting of more\nrestrictive mount options, which can help protect programs which use it.\n", "references"=>[{"title"=>"SC-32(1)", "href"=>"http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf", "html_link"=>"<a href='http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf'>SC-32(1)</a>"}, ... ...continues...
Rails unfortunately doesn't provide a way to turn off logging of "Parameters" via INFO logging line. I've attempted to create patch in upstream Rails, but the community seems to be very opinionated about this: https://github.com/rails/rails/pull/26025
It provides a simple "filtering" mechanism for keys (e.g. passwords) and Katello plugin has a workaround to avoid logging of some larger requests:
app.config.filter_parameters += [:_json] #package profile parameter
But this approach cannot be done for OpenSCAP as it does not have a common root JSON element and we'd need to add filters for generic fields like "logs" or "name" etc.
I think I am able to create a small patch and override Rails to send all Parameters lines into debug level.
Updated by The Foreman Bot about 6 years ago
- Status changed from New to Ready For Testing
- Assignee set to Lukas Zapletal
- Pull request https://github.com/theforeman/foreman/pull/6252 added
Updated by Lukas Zapletal about 6 years ago
- Related to Bug #21127: Scap content file is printed into logs added