[jira] [Updated] (UNOMI-846) Change log level for json schema validation

Wed, 21 Aug 2024 09:18:24 -0700 


     [ 
https://issues.apache.org/jira/browse/UNOMI-846?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Romain Gauthier updated UNOMI-846:
----------------------------------
    Description: 
Hello, 
Following our first use of unomi 2.x, we're seeing that: 
- even rejection is logged as an error. I don't think that event rejection 
should be logged as an error as it is the normal behavior in many cases 
- To see why an event is rejected, it is needed to enable debug. So by default, 
we never know if unomi is being attacked or if a mistake was done in the 
payload of an event or in a schema

I suggest to change the behavior to the following: 
- When an event is rejected because of basic validation: log a warning but do 
not log more to avoid any log injection / log forging 
- When an event is rejected because of schema validation: log a warning (or 
INFO, to be discussed) + the error message




  was:
Hello, 
Following our first use of unomi 2.x, we're seeing that: 
- even rejection is logged as an error. I don't think that event rejection 
should be logged as an error as it is the normal behavior in many cases 
- to see why an event is rejected, it is needed 

I suggest that


> Change log level for json schema validation
> -------------------------------------------
>
>                 Key: UNOMI-846
>                 URL: https://issues.apache.org/jira/browse/UNOMI-846
>             Project: Apache Unomi
>          Issue Type: Improvement
>            Reporter: Romain Gauthier
>            Priority: Major
>
> Hello, 
> Following our first use of unomi 2.x, we're seeing that: 
> - even rejection is logged as an error. I don't think that event rejection 
> should be logged as an error as it is the normal behavior in many cases 
> - To see why an event is rejected, it is needed to enable debug. So by 
> default, we never know if unomi is being attacked or if a mistake was done in 
> the payload of an event or in a schema
> I suggest to change the behavior to the following: 
> - When an event is rejected because of basic validation: log a warning but do 
> not log more to avoid any log injection / log forging 
> - When an event is rejected because of schema validation: log a warning (or 
> INFO, to be discussed) + the error message



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to