Yes.. but these are not audit logs.. On Sun, Nov 29, 2015 at 10:50 PM, Afkham Azeez <[email protected]> wrote:
> We have an audit logger to specifically log audit related stuff. > > On Fri, Nov 27, 2015 at 2:10 PM, Prabath Siriwardana <[email protected]> > wrote: > >> I guess it would be much better to have a different log appender to log >> sensitive data. In that way you get more control. Whether to print the log >> or not - or even encrypt and print, logic will go into the appender >> itself... >> >> Thanks & regards, >> -Prabath >> >> On Thu, Nov 26, 2015 at 9:53 PM, Jayanga Kaushalya <[email protected]> >> wrote: >> >>> Hi all, >>> >>> Currently IS supports to limit the debug logs that are printed according >>> to the sensitive data that contains in the log. There is a separate >>> properties file which contains the token type (or the information category) >>> and the printable or non printable status. In the default state, this file >>> will be not read and all sensitive data will be not printed to the logs. >>> There is a special system property which should be pass to read the file >>> and print logs accordingly. >>> >>> We are hoping to move this feature to the kernel as it is an important >>> feature for all of the products which prints sensitive information in logs. >>> >>> Currently in IS, we have a util method which we use to check before >>> printing each sensitive log. >>> >>> if (log.isDebugEnable() && IdentityUtil.isLogPrintable("TokenType")) { >>> log.debug("Sensitive data"); >>> } >>> >>> However we are considering following improvement when moving to the >>> carbon kernel. Which is to create a log appender which will read the >>> log.debug with a placeholder. >>> >>> if (log.isDebugEnable()) { >>> log.debug("Sensitive data ${TokenType}"); >>> } >>> >>> downside of this approach is string will be always created whether the >>> log is printable or not. >>> >>> What should be the better approach? Or is there any other better >>> approach? Please give your ideas. >>> >>> Thanks! >>> >>> *Jayanga Kaushalya* >>> Software Engineer >>> Mobile: +94777860160 >>> WSO2 Inc. | http://wso2.com >>> lean.enterprise.middleware >>> >> >> >> >> -- >> Thanks & Regards, >> Prabath >> >> Twitter : @prabath >> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena >> >> Mobile : +1 650 625 7950 >> >> http://blog.facilelogin.com >> http://blog.api-security.org >> >> _______________________________________________ >> Architecture mailing list >> [email protected] >> https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture >> >> > > > -- > *Afkham Azeez* > Director of Architecture; WSO2, Inc.; http://wso2.com > Member; Apache Software Foundation; http://www.apache.org/ > * <http://www.apache.org/>* > *email: **[email protected]* <[email protected]> > * cell: +94 77 3320919 <%2B94%2077%203320919>blog: * > *http://blog.afkham.org* <http://blog.afkham.org> > *twitter: **http://twitter.com/afkham_azeez* > <http://twitter.com/afkham_azeez> > *linked-in: **http://lk.linkedin.com/in/afkhamazeez > <http://lk.linkedin.com/in/afkhamazeez>* > > *Lean . Enterprise . Middleware* > > _______________________________________________ > Architecture mailing list > [email protected] > https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture > > -- Thanks & Regards, Prabath Twitter : @prabath LinkedIn : http://www.linkedin.com/in/prabathsiriwardena Mobile : +1 650 625 7950 http://blog.facilelogin.com http://blog.api-security.org
_______________________________________________ Architecture mailing list [email protected] https://mail.wso2.org/cgi-bin/mailman/listinfo/architecture
