[HBASE-26160] Configurable disallowlist for live editing of loglevels - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 2.5.0, 3.0.0-alpha-2, 2.4.6
Component/s: None
Labels:
None

Release Note:

Hide
Adds a new hbase.ui.logLevels.readonly.loggers config which takes a comma-separated list of logger names. Similar to log4j configurations, the logger names can be prefixes or a full logger name. The log level of read only loggers cannot be changed via the logLevel UI or setlevel CLI. This is useful for securing sensitive loggers, such as the SecurityLogger used for audit logs.

Show
Adds a new hbase.ui.logLevels.readonly.loggers config which takes a comma-separated list of logger names. Similar to log4j configurations, the logger names can be prefixes or a full logger name. The log level of read only loggers cannot be changed via the logLevel UI or setlevel CLI. This is useful for securing sensitive loggers, such as the SecurityLogger used for audit logs.

Description

We currently use log4j/slf4j for audit logging in AccessController. This is convenient but presents a security/compliance risk because we allow live-editing of logLevels via the UI. One can simply set the logger to OFF and then perform actions un-audited.

We should add a configuration for setting certain log levels to read-only

Attachments

Issue Links

links to

GitHub Pull Request #3549

GitHub Pull Request #3558

GitHub Pull Request #3559

Activity

People

Assignee:: Bryan Beaudreault

Reporter:: Bryan Beaudreault

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 01/Aug/21 13:33

Updated:: 06/Aug/21 01:36

Resolved:: 05/Aug/21 03:12