[
https://issues.apache.org/jira/browse/KAFKA-14605?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Beibei Zhao updated KAFKA-14605:
--------------------------------
Summary: Change the log level to info when logIfAllowed is set, warn when
logIfDenied is set. (was: Change the log level to warn when logIfAllowed is
set.)
> Change the log level to info when logIfAllowed is set, warn when logIfDenied
> is set.
> ------------------------------------------------------------------------------------
>
> Key: KAFKA-14605
> URL: https://issues.apache.org/jira/browse/KAFKA-14605
> Project: Kafka
> Issue Type: Improvement
> Reporter: Beibei Zhao
> Priority: Major
>
> StandardAuthorizer log at INFO level when logIfDenied is set(otherwise, we
> log at TRACE), but at debug level when logIfAllowed is set.
> Since audit log is security log, it should be logged at default verbosity
> level, not debug or trace when logIfAllowed is set.
> So I think, log at INFO when allow, and log at WARN when deny is better.
> {code:java}
> private void logAuditMessage(
> ...... ) {
> switch (rule.result()) {
> case ALLOWED:
> if (action.logIfAllowed() && auditLog.isDebugEnabled()) {
> auditLog.debug(......); // info
> } else if (auditLog.isTraceEnabled()) {
> auditLog.trace(buildAuditMessage(principal,
> requestContext, action, rule));
> }
> return;
> case DENIED:
> if (action.logIfDenied()) {
> auditLog.info(......); // warn
> } else if (auditLog.isTraceEnabled()) {
> auditLog.trace(buildAuditMessage(principal,
> requestContext, action, rule));
> }
> }
> }
> {code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
