[ 
https://issues.apache.org/jira/browse/QPID-5772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14040507#comment-14040507
 ] 

Gordon Sim commented on QPID-5772:
----------------------------------

There are three log 'categories' (i.e. different Logger instances used): 
qpid.messaging, qpid.messaging.io.ops and qpid.messaging.io.raw and you can 
control these independently. So one option is not to log at debug for 
qpid.messaging.io, which still allows the qpid.messaging log entries to be 
enabled at DEBUG level if desired.

If you must have the io logs enabled, and want to only omit certain details 
from them, you could write a filter for that 
(https://docs.python.org/2/library/logging.html#logging.Filter). Note that it 
is not actually messages that are logged (i.e. not instances of Message) but 
various protocol 'frames' or 'commands'.

> Security: after open debug log for qpid, python qpid driver will print all 
> information including sensitive data
> ---------------------------------------------------------------------------------------------------------------
>
>                 Key: QPID-5772
>                 URL: https://issues.apache.org/jira/browse/QPID-5772
>             Project: Qpid
>          Issue Type: Bug
>          Components: Python Client
>            Reporter: zhu zhu
>              Labels: debuglog, security,
>
> For example, logs as below. 
> Is it possible to have Qpid to provide options/configurations to NOT print 
> certain credential fields in the debug logs? It will benefit product security 
> that are adopting QPID as amqp implementation.  
> Such as messaging/driver.py writeable, write method
> rawlog.debug("SENT[%s]: %r", self.log_id, sent)
> opslog.debug("RCVD[%s]: %r", self.log_id, op)
> opslog.debug("SENT[%s]: %r", self.log_id, op)
> log.debug("RACK[%s]: %s", sst.session.log_id, msg)
> ...
>  
> 2014-05-15 04:07:07.756 19781 DEBUG qpid.messaging [-] SENT[3ae25a8]: 
> Message(ttl=60, properties={'qpid.subject': 'topic/nova/conductor'}, 
> content={'oslo.message': '{"_context_roles": ["_member_", "admin"], 
> "_msg_id": "7216c147b92048b38a779e0a37506edf", "_context_quota_class": null, 
> "_context_request_id": "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2", 
> "_context_service_catalog": [{"endpoints_links": [], "endpoints": 
> [{"adminURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "region": 
> "RegionOne", "publicURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", 
> "internalURL": 
> "http://9.123.137.154:8776/v1/c33546258c0a4733aa8eb56418df6438", "id": 
> "165be0534de5425daed4ee40da0d2f47"}], "type": "volume", "name": "cinder"}], 
> "args": {"values": {"instance_uuid": "0b39e666-aa4e-4f54-89f8-2bc0f5d86e89", 
> "start_time": "2014-05-15T09:07:07.750051", "event": 
> "compute_terminate_instance", "request_id": 
> "req-4e6960a0-89e2-410b-b67c-2fcda1b526e2"}}, "_unique_id": 
> "e7392f1384134643bba0966088fcdaad", "_context_user": 
> "f36557892ea44962b8b6e9f1897f2605", "_context_user_id": 
> "f36557892ea44962b8b6e9f1897f2605", "_context_project_name": "service", 
> "_context_read_deleted": "no", "_reply_q": 
> "reply_02768c332dd445d79ce253efd75b32b8", "_context_auth_token": 
> "202cdaf88b284afeafbbc77dc10f9058", "_context_tenant": 
> "c33546258c0a4733aa8eb56418df6438", "_context_instance_lock_checked": false, 
> "_context_is_admin": true, "version": "2.0", "_context_project_id": 
> "c33546258c0a4733aa8eb56418df6438", "_context_timestamp": 
> "2014-05-15T09:07:07.482164", "_context_user_name": "admin", "method": 
> "action_event_start", "_context_remote_address": "9.123.137.154"}', 
> 'oslo.version': '2.0'}) send 
> /usr/lib/python2.6/site-packages/qpid/messaging/driver.py:1283
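
A sketch of the logging.Filter approach suggested in the comment above, as an added example that is not code from the Qpid project or from this thread. The key list is an assumption ("_context_auth_token" is taken from the quoted log line, "password" is illustrative), and the filter is attached to each of the three named loggers because a filter set on a logger only sees records created on that exact logger.

```python
import logging
import re

# Assumed key names: "_context_auth_token" is from the quoted log, "password" is illustrative.
SENSITIVE_KEYS = ("_context_auth_token", "password")
# The three logger names listed in the comment above.
QPID_LOGGERS = ("qpid.messaging", "qpid.messaging.io.ops", "qpid.messaging.io.raw")

class RedactingFilter(logging.Filter):
    """Mask quoted values of sensitive keys in the fully formatted message."""
    def __init__(self, keys=SENSITIVE_KEYS, mask="***"):
        logging.Filter.__init__(self)
        alternation = "|".join(re.escape(k) for k in keys)
        # key, optional (possibly escaped) closing quote, ':' or '=', opening quote, value
        self._pattern = re.compile(
            r"((?:%s)\\?[\"']?\s*[:=]\s*\\?[\"'])[^\"'\\]*" % alternation)
        self._mask = mask

    def filter(self, record):
        # Render the "%r" arguments first: the secret is in record.args, not record.msg.
        text = record.getMessage()
        record.msg = self._pattern.sub(lambda m: m.group(1) + self._mask, text)
        record.args = ()
        return True  # keep the record, only its text changes

def install(flt=None):
    # Logger-level filters are not inherited by child loggers, so add to each one.
    flt = flt or RedactingFilter()
    for name in QPID_LOGGERS:
        logging.getLogger(name).addFilter(flt)
    return flt

def demo():
    """Log a constructed frame on qpid.messaging.io.ops; return what a handler receives."""
    captured = []
    class ListHandler(logging.Handler):
        def emit(self, record):
            captured.append(record.getMessage())
    opslog = logging.getLogger("qpid.messaging.io.ops")
    handler = ListHandler()
    opslog.addHandler(handler)
    opslog.setLevel(logging.DEBUG)
    flt = install()
    # Constructed sample payload, shaped like the quoted log entry.
    op = {"oslo.message": '{"_context_auth_token": "0123456789abcdef", "method": "ping"}'}
    opslog.debug("SENT[%s]: %r", "3ae25a8", op)
    opslog.removeHandler(handler)
    for name in QPID_LOGGERS:
        logging.getLogger(name).removeFilter(flt)
    return captured[0]

if __name__ == "__main__":
    print(demo())
```

The pattern only masks quoted values; credentials carried unquoted or in binary frames on qpid.messaging.io.raw would need their own rule or that logger left below DEBUG.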


