[jira] [Updated] (HBASE-26160) Configurable disallowlist for live editing of loglevels
[ https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Bryan Beaudreault updated HBASE-26160:
--
    Release Note: Adds a new hbase.ui.logLevels.readonly.loggers config which takes a comma-separated list of logger names. Similar to log4j configurations, the logger names can be prefixes or a full logger name. The log level of read only loggers cannot be changed via the logLevel UI or setlevel CLI. This is useful for securing sensitive loggers, such as the SecurityLogger used for audit logs.

> Configurable disallowlist for live editing of loglevels
> ---
>
>          Key: HBASE-26160
>          URL: https://issues.apache.org/jira/browse/HBASE-26160
>      Project: HBase
>   Issue Type: Improvement
>     Reporter: Bryan Beaudreault
>     Assignee: Bryan Beaudreault
>     Priority: Minor
>      Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6
>
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
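As an added example (not HBase's own code and not part of the original message), here is a defender-side check that an hbase-site.xml actually marks the audit loggers read-only. The sample XML, the logger names and the plain string-prefix matching are assumptions based on the release note above.

```python
import xml.etree.ElementTree as ET

# Property name taken from the release note.
READONLY_KEY = "hbase.ui.logLevels.readonly.loggers"

# Constructed sample hbase-site.xml (not from a real cluster).
SAMPLE_SITE_XML = """<configuration>
  <property>
    <name>hbase.ui.logLevels.readonly.loggers</name>
    <value>SecurityLogger, org.example.audit.FullName</value>
  </property>
</configuration>"""

# Loggers that must stay on; names are assumptions for illustration.
AUDIT_LOGGERS = [
    "SecurityLogger.org.apache.hadoop.hbase.security.access.AccessController",
    "org.example.audit.FullName",
    "org.example.audit.Other",
]


def readonly_entries(site_xml):
    """Return the configured read-only logger names/prefixes ([] if unset)."""
    entries = []
    for prop in ET.fromstring(site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == READONLY_KEY:
            value = prop.findtext("value") or ""
            # Keep the last definition if the property appears more than once.
            entries = [e.strip() for e in value.split(",") if e.strip()]
    return entries


def is_readonly(logger, entries):
    """Assumed semantics: an entry covers a logger whose name starts with it."""
    return any(logger.startswith(entry) for entry in entries)


def unprotected(loggers, site_xml):
    """List the loggers whose level could still be changed at runtime."""
    entries = readonly_entries(site_xml)
    return [name for name in loggers if not is_readonly(name, entries)]


if __name__ == "__main__":
    for name in unprotected(AUDIT_LOGGERS, SAMPLE_SITE_XML):
        print("level still editable:", name)
```

Run against the deployed hbase-site.xml as part of a configuration audit; an empty result means every listed audit logger is covered by a read-only entry.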
[jira] [Updated] (HBASE-26160) Configurable disallowlist for live editing of loglevels
[ https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei-Chiu Chuang updated HBASE-26160:
    Fix Version/s: 2.4.6

> Configurable disallowlist for live editing of loglevels
> ---
>
>          Key: HBASE-26160
>          URL: https://issues.apache.org/jira/browse/HBASE-26160
>      Project: HBase
>   Issue Type: Improvement
>     Reporter: Bryan Beaudreault
>     Assignee: Bryan Beaudreault
>     Priority: Minor
>      Fix For: 2.5.0, 3.0.0-alpha-2, 2.4.6
>
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only
[jira] [Updated] (HBASE-26160) Configurable disallowlist for live editing of loglevels
[ https://issues.apache.org/jira/browse/HBASE-26160?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Wei-Chiu Chuang updated HBASE-26160:
    Fix Version/s: 3.0.0-alpha-2
                   2.5.0

> Configurable disallowlist for live editing of loglevels
> ---
>
>          Key: HBASE-26160
>          URL: https://issues.apache.org/jira/browse/HBASE-26160
>      Project: HBase
>   Issue Type: Improvement
>     Reporter: Bryan Beaudreault
>     Assignee: Bryan Beaudreault
>     Priority: Minor
>      Fix For: 2.5.0, 3.0.0-alpha-2
>
>
> We currently use log4j/slf4j for audit logging in AccessController. This is
> convenient but presents a security/compliance risk because we allow
> live-editing of logLevels via the UI. One can simply set the logger to OFF
> and then perform actions un-audited.
> We should add a configuration for setting certain log levels to read-only