First Last Prev Next    This bug is not in your last search results.
Bug 48905 - Too much debug output in default u-portal-server configuration
Too much debug output in default u-portal-server configuration
Status: NEW
Product: UCS
Classification: Unclassified
Component: Portal
UCS 4.4
Other Linux
: P5 normal (vote)
: ---
Assigned To: UMC maintainers
UMC maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2019-03-07 16:09 CET by Erik Damrose
Modified: 2023-08-17 21:20 CEST (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 4: Minor Usability: Impairs usability in secondary scenarios
Who will be affected by this bug?: 5: Will affect all installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.229
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Erik Damrose univentionstaff 2019-03-07 16:09:17 CET 
Every(!) http access to the Portal in UCS 4.4 generates at least these log lines in /var/log/syslog. The loglevel of these messages should be changed.

Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: no user given
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.user:no user given
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: getting portal from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting portal from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: getting entries from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting entries from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: getting links from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting links from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: getting categories from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting categories from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: getting entries from cache
Mar  7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting entries from cache
Comment 1 Ingo Steuwer univentionstaff 2020-05-04 07:52:16 CEST 
There are even more log lines in UCS 4.4-4, I'm afraid this is going to be a performance issue in larger environments:


May  4 07:50:27 dc0 univention-portal-server[1058]: searching user for 7f7afc9e-8d24-4709-832c-f48f56f40053
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.user:searching user for 7f7afc9e-8d24-4709-832c-f48f56f40053
May  4 07:50:27 dc0 univention-portal-server[1058]: session unknown!
May  4 07:50:27 dc0 univention-portal-server[1058]: WARNING:univention.portal.user:session unknown!
May  4 07:50:27 dc0 univention-portal-server[1058]: no user found
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.user:no user found
May  4 07:50:27 dc0 univention-portal-server[1058]: getting portal from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting portal from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: getting entries from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting entries from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: getting links from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting links from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: getting categories from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting categories from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: getting entries from cache
May  4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting entries from cache
Comment 2 Dirk Ahrnke univentionstaff 2020-09-25 14:47:25 CEST 
looks like setup_logger() in /usr/bin/univention-portal-server defines a hardcoded

logger.setLevel(logging.DEBUG)
Comment 3 Tim Breidenbach univentionstaff 2023-08-17 21:20:13 CEST 
The hardcoded loglevel is still valid for UCS5.
The information about the users SAML token should not be present in the logs (as default cause the cookies are logged). 
In my opinion this could be seen as a security issue.

e.g. portal.log:

4741 user         23-08-17 20:53:46 [   DEBUG]: searching user for cookies={'UMCLang': 'de-DE', 'UMCUsername': 'tim.breidenbach', 'UMCSessionId': 'f4219e51-7e96-40df-8bde-bdsc6f6104c8', 'SimpleSAMLSessionID': '945e11ee8e72a4b21fe22dcd605ed170', 'SimpleSAMLAuthToken': '_7bbe4616ca9ac4e9f566cdf0fdbc4319ee89e93cae'}
First Last Prev Next    This bug is not in your last search results.