> On Oct. 11, 2022, 4:25 p.m., Madhan Neethiraj wrote: > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java > > Line 2134 (original), 2134 (patched) > > <https://reviews.apache.org/r/74115/diff/2/?file=2270560#file2270560line2134> > > > > While troubleshooting failures in create/update of > > policy/role/security-zone, it is often useful to see the contents in logs. > > So, I suggest to retain current log statements. Is there any specific > > usecase that results in flood of these error logs? > > Ramachandran Krishnan wrote: > When the policy json is big like (one policy which contain 500 users , > 10 resouces , 500 policy items ),it is flooding the log files while doing > performance testing.Due to the this ,we started facing in the ELK side > indexing. > It make sense to retain the log statements for create/update of > role/security-zone but policies we saw issues
ok. I suggest to consider the following: 1. update these log statements to use log level WARN (instead of ERROR) 2. For performance testing, set log level for following classes to ERROR: - org.apache.ranger.biz.XUserMgr - org.apache.ranger.rest.ServiceREST This will avoid excessive logs during performance testing, and will also retain the details in production environments for troubleshooting. - Madhan ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/74115/#review224778 ----------------------------------------------------------- On Oct. 11, 2022, 4:54 p.m., Ramachandran Krishnan wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/74115/ > ----------------------------------------------------------- > > (Updated Oct. 11, 2022, 4:54 p.m.) > > > Review request for ranger, Gautam Borad, Abhay Kulkarni, Madhan Neethiraj, > Nikhil P, Pradeep Agrawal, Ramesh Mani, Selvamohan Neethiraj, Sailaja > Polavarapu, and Velmurugan Periasamy. > > > Bugs: RANGER-3902 > https://issues.apache.org/jira/browse/RANGER-3902 > > > Repository: ranger > > > Description > ------- > > Whenever policy creation fails , we used to log the entire policy JSON > LOG.error("createPolicy(" + policy + ") failed", excp); > Whenever a policy update fails, we used to log the entire policy JSON > LOG.error("updatePolicy(" + policy + ") failed", excp); > Proposal : > > During policy, creation/update fails > > We can log policyId/policyName for policy creation/updation. > > > Diffs > ----- > > security-admin/src/main/java/org/apache/ranger/biz/XUserMgr.java 04968ecc5 > > security-admin/src/main/java/org/apache/ranger/common/RangerServicePoliciesCache.java > b1447829b > security-admin/src/main/java/org/apache/ranger/rest/ServiceREST.java > c3a65a115 > > > Diff: https://reviews.apache.org/r/74115/diff/3/ > > > Testing > ------- > > Tested this change in the log files > > > Thanks, > > Ramachandran Krishnan > >
