[GitHub] kafka pull request #1825: MINOR: Reduce the log level when the peer isn't au...

Mon, 05 Sep 2016 22:32:14 -0700 

GitHub user jaikiran opened a pull request:

    https://github.com/apache/kafka/pull/1825

    MINOR: Reduce the log level when the peer isn't authenticated but is using 
SSL

    The commit here changes the log level of a log message from WARN to DEBUG. 
As noted in the mail discussion here 
https://www.mail-archive.com/dev@kafka.apache.org/msg56035.html, in a pretty 
straightforward/typical and valid setup, the broker logs get flooded with the 
following message:
    
                   [2016-09-02 08:07:13,773] WARN SSL peer is not 
authenticated, returning ANONYMOUS instead 
(org.apache.kafka.common.network.SslTransportLayer)
                [2016-09-02 08:07:15,710] WARN SSL peer is not authenticated, 
returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
                [2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, 
returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
                [2016-09-02 08:07:15,711] WARN SSL peer is not authenticated, 
returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer)
                [2016-09-02 08:07:15,712] WARN SSL peer is not authenticated, 
returning ANONYMOUS instead (org.apache.kafka.common.network.SslTransportLayer) 
                ....
    
    
    and it goes on forever. 
    
    Personally, I would like to remove this log message altogether for two 
reasons:
    
    - It's a valid case for the peer to be not authenticated but still using 
SSL and the code rightly handles it to return anonymous principal
    - The fact that this method gets called way too frequently and irrespective 
of what log level it gets logged at, it will end up flooding the log if that 
level is enabled.
    
    Having said that I don't know if there will be an agreement on removing 
this log message altogether, hence just lowering the level for now.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jaikiran/kafka ssl-log-level

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/kafka/pull/1825.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1825
    
----
commit 72919ce832ebf4437893993e16f3003bcd6eb941
Author: Jaikiran Pai <jaikiran....@gmail.com>
Date:   2016-09-06T05:23:44Z

    Reduce the log level when the peer isn't authenticated but is using SSL 
(which is a valid case)

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---

Reply via email to