[
https://issues.apache.org/jira/browse/NIFI-4106?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16059492#comment-16059492
]
ASF GitHub Bot commented on NIFI-4106:
--------------------------------------
Github user alopresto commented on the issue:
https://github.com/apache/nifi/pull/1934
@NielsZeilemaker yes, @jfrazee and I were just talking about that. I think
changing the rejection message to `WARN` is a better solution.
In thinking back, I believe the reason we didn't do that by default is to
prevent log flooding during an attack. If you (an experienced user) set your
threshold for the class to `WARN`, you would not get messages for success or
failure. If you noticed users being rejected, you could temporarily lower the
threshold to diagnose.
But I would be ok with rejection generating a `WARN` message, as in the
positive case (normal operation) that would be far more useful than an admin
missing those messages.
> NiFiAuthenticationFilter logs "Authentication success" at info level
> --------------------------------------------------------------------
>
> Key: NIFI-4106
> URL: https://issues.apache.org/jira/browse/NIFI-4106
> Project: Apache NiFi
> Issue Type: Bug
> Components: Configuration
> Reporter: Niels Zeilemaker
>
> The NiFiAuthenticationFilter polluting the logs with many "Authentication
> success" messages. I think those should be changed to debug level to reduce
> the amount of logging.
> Currently, we have more than one of those lines per second, due to multiple
> users actively using Nifi, which seems unneccesary.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
