You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@lucene.apache.org by "Robert Muir (Jira)" <ji...@apache.org> on 2019/12/23 19:17:00 UTC

[jira] [Updated] (SOLR-14143) Add request-logging to securing solr page

     [ https://issues.apache.org/jira/browse/SOLR-14143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Robert Muir updated SOLR-14143:
-------------------------------
    Attachment: SOLR-14143.patch

> Add request-logging to securing solr page
> -----------------------------------------
>
>                 Key: SOLR-14143
>                 URL: https://issues.apache.org/jira/browse/SOLR-14143
>             Project: Solr
>          Issue Type: Improvement
>      Security Level: Public(Default Security Level. Issues are Public) 
>            Reporter: Robert Muir
>            Priority: Major
>         Attachments: SOLR-14143.patch
>
>
> This functionality was cleaned up in SOLR-14138 and for a major release I've proposed to turn it on by default in SOLR-14142.
> But for now, I think the "securing solr" page should instruct how to turn this on. Hopefully if we fix the default in SOLR-14142, this paragraph can simply go away (I think it is expert to not want to log such a basic thing).
> There is some overlap with "audit logging", but for sure the request log is always more complete, since it logs things that never even make it to solr (as well as 4xx denied by solr itself, of course). You can see the differenes by running a simple nmap script scan of your solr instance or similar.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@lucene.apache.org
For additional commands, e-mail: issues-help@lucene.apache.org