[
https://issues.apache.org/jira/browse/SOLR-14143?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17002877#comment-17002877
]
ASF subversion and git services commented on SOLR-14143:
--------------------------------------------------------
Commit b87e1f5843f163ab5d8a90c6b0dc0f95f6e932fc in lucene-solr's branch
refs/heads/master from Robert Muir
[ https://gitbox.apache.org/repos/asf?p=lucene-solr.git;h=b87e1f5 ]
SOLR-14143: add request logging to securing solr page
> Add request-logging to securing solr page
> -----------------------------------------
>
> Key: SOLR-14143
> URL: https://issues.apache.org/jira/browse/SOLR-14143
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-14143.patch
>
>
> This functionality was cleaned up in SOLR-14138 and for a major release I've
> proposed to turn it on by default in SOLR-14142.
> But for now, I think the "securing solr" page should instruct how to turn
> this on. Hopefully if we fix the default in SOLR-14142, this paragraph can
> simply go away (I think it is expert to not want to log such a basic thing).
> There is some overlap with "audit logging", but for sure the request log is
> always more complete, since it logs things that never even make it to solr
> (as well as 4xx denied by solr itself, of course). You can see the differenes
> by running a simple nmap script scan of your solr instance or similar.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
