[
https://issues.apache.org/jira/browse/SOLR-14143?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Robert Muir updated SOLR-14143:
-------------------------------
Attachment: SOLR-14143.patch
> Add request-logging to securing solr page
> -----------------------------------------
>
> Key: SOLR-14143
> URL: https://issues.apache.org/jira/browse/SOLR-14143
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
> Attachments: SOLR-14143.patch
>
>
> This functionality was cleaned up in SOLR-14138 and for a major release I've
> proposed to turn it on by default in SOLR-14142.
> But for now, I think the "securing solr" page should instruct how to turn
> this on. Hopefully if we fix the default in SOLR-14142, this paragraph can
> simply go away (I think it is expert to not want to log such a basic thing).
> There is some overlap with "audit logging", but for sure the request log is
> always more complete, since it logs things that never even make it to solr
> (as well as 4xx denied by solr itself, of course). You can see the differenes
> by running a simple nmap script scan of your solr instance or similar.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
