Hello,

In the same type, there is also a "vulnerability" tagged by our sec team
internally: if you execute a command with a password as a parameter, this
password will be present in the logs, even if the parameter is declared as
"masked", because it is set unfiltered as the thread name of the command.

Regards,
Jérémie

On Wed, 1 Oct 2025, 16:10 Ephemeris Lappis <[email protected]> wrote:

> Hello!
>
> The current default appender is right for all our logs, except for shell
> commands that are used by our dev-ops tools and generate very long (and
> very useless) thread names.
> How can we filter these commands that have no package, thus no explicit
> appender?
>
> Another very strange shell behavior:
>
> executing the command:
> x="json = {\"a\":1, \"b\":2}"
> .
> produces a repeated "json = " pattern, it seems that the "{...,..." is
> interpreted as a repeated action pattern. I've found no explanation in the
> shell manual.
>
> json = "a":1 json =  "b":2
>
> Is there a way to disable this command expansion: our dev-ops jobs fail
> because of that :(
>
> Thanks.
>
> Regards.
>
>
> On Wed, 1 Oct 2025 at 15:44, Matt Pavlovich <[email protected]> wrote:
>
>> Your logging configuration must be using a pattern that includes the
>> thread name in the log output. You can remove that macro, or configure a
>> separate log appender for the packages you want to filter and give that a
>> different logging pattern without the thread macro.
>>
>> -Matt
>>
>> > On Oct 1, 2025, at 5:35 AM, Ephemeris Lappis <
>> [email protected]> wrote:
>> >
>> > Hello.
>> >
>> > We need to use Karaf's shell "log" command to trace actions during
>> some deployment operations.
>> >
>> > We've seen that the thread name using the "log:log" command is the
>> command itself, producing very big lines in the log file.
>> >
>> > Example:
>> > admin@root()> log:log --level WARNING "A very very long text..."
>> > 12:29:39.362 WARN  [pipe-log:log --level WARNING "A very very long
>> text..."] A very very long text...
>> >
>> > The thread name is "pipe-log:log --level WARNING "A very very long
>> text...""
>> >
>> > In reality, messages may be actually bigger, since we want to trace
>> very detailed information about the current deployments.
>> >
>> > Is there any way to avoid this?
>> >
>> > Thanks in advance for your help.
>> >
>> > Regards.
>>
>>

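For log files already written with the thread name in the pattern, the command line described in this thread can be found and stripped after the fact. The following is an added example, not code from the posters or from the Karaf project; it assumes the `TIME LEVEL [thread] message` layout of the example line quoted above, and the secret-looking option names and the `example:connect` command are constructed for illustration.

```python
import re

# Layout taken from the example line in the thread: TIME LEVEL [thread] message.
# Non-greedy match: a thread name that itself contains "] " will split early.
LINE = re.compile(r'^(?P<ts>\S+)\s+(?P<level>[A-Z]+)\s+\[(?P<thread>.*?)\] (?P<msg>.*)$')
# Per the thread, a shell command runs in a thread named "pipe-" + command line.
PIPE = re.compile(r'^pipe-(?P<cmd>\S+)(?P<args>.*)$', re.S)
# Assumption: option names that tend to carry secrets; adapt to your commands.
SECRET_OPT = re.compile(r'(?i)(?:^|\s)--?(?:password|passwd|pwd|secret|token)\b')

def scrub_line(line):
    """Return (line, finding); finding is None when nothing was removed."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return line, None
    p = PIPE.match(m["thread"])
    if not p or not p["args"].strip():
        return line, None          # not a shell command thread, or no arguments
    finding = {
        "ts": m["ts"],
        "command": p["cmd"],
        "arg_chars": len(p["args"].strip()),
        "secret_option": bool(SECRET_OPT.search(p["args"])),
    }
    # Keep the command name for traceability, drop every argument.
    scrubbed = f'{m["ts"]} {m["level"]:<5} [pipe-{p["cmd"]} <args removed>] {m["msg"]}'
    return scrubbed, finding

def scrub_log(lines):
    """Scrub an iterable of log lines; return (cleaned_lines, findings)."""
    cleaned, findings = [], []
    for line in lines:
        out, finding = scrub_line(line)
        cleaned.append(out)
        if finding:
            findings.append(finding)
    return cleaned, findings

# Constructed sample: line 1 is the example from the thread, lines 2-3 are made up.
SAMPLE = [
    '12:29:39.362 WARN  [pipe-log:log --level WARNING "A very very long text..."] A very very long text...',
    '12:30:01.100 INFO  [pipe-example:connect --password S3cr3t-constructed db1] Connected to db1',
    '12:30:02.000 INFO  [FelixStartLevel] Bundle started',
]

if __name__ == "__main__":
    cleaned, findings = scrub_log(SAMPLE)
    print("\n".join(cleaned))
    for f in findings:
        print(f)
```

Findings with `secret_option` set mark log files whose credentials should be treated as exposed and rotated; scrubbing the file does not undo copies already shipped to a log collector.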