I've been playing around sending logs to a Graylog server using the GelfLayout mechanism. It's working...too well. I discovered that the login password is being sent into the Graylog server as part of the GELF data. If I set the log level at warn, I get nothing at all, but at info, I get the password. I've attached the log to several different AsyncLogger entries, but cannot find one that doesn't include the password. Am I missing something or is this an issue that needs to be fixed. My log files just have the message data, but the GELF data seems to include everything in the session.
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/5d341ad1-2e5a-4ef4-8e99-04f9f227619e%40apereo.org.
