Univention Bugzilla – Bug 48905
Too much debug output in default u-portal-server configuration
Last modified: 2023-08-17 21:20:13 CEST
Every(!) http access to the Portal in UCS 4.4 generates at least these log lines in /var/log/syslog. The loglevel of these messages should be changed.

Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: no user given
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.user:no user given
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: getting portal from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting portal from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: getting entries from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting entries from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: getting links from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting links from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: getting categories from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting categories from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: getting entries from cache
Mar 7 16:06:33 ucs-4421 univention-portal-server[1419]: DEBUG:univention.portal.cache:getting entries from cache

There are even more log lines in UCS 4.4-4. I'm afraid this is going to be a performance issue in larger environments:

May 4 07:50:27 dc0 univention-portal-server[1058]: searching user for 7f7afc9e-8d24-4709-832c-f48f56f40053
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.user:searching user for 7f7afc9e-8d24-4709-832c-f48f56f40053
May 4 07:50:27 dc0 univention-portal-server[1058]: session unknown!
May 4 07:50:27 dc0 univention-portal-server[1058]: WARNING:univention.portal.user:session unknown!
May 4 07:50:27 dc0 univention-portal-server[1058]: no user found
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.user:no user found
May 4 07:50:27 dc0 univention-portal-server[1058]: getting portal from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting portal from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: getting entries from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting entries from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: getting links from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting links from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: getting categories from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting categories from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: getting entries from cache
May 4 07:50:27 dc0 univention-portal-server[1058]: DEBUG:univention.portal.cache:getting entries from cache

Looks like setup_logger() in /usr/bin/univention-portal-server defines a hardcoded logger.setLevel(logging.DEBUG).

The hardcoded loglevel is still valid for UCS5. The information about the user's SAML token should not be present in the logs (by default, because the cookies are logged). In my opinion this could be seen as a security issue. E.g. portal.log:

4741 user 23-08-17 20:53:46 [ DEBUG]: searching user for cookies={'UMCLang': 'de-DE', 'UMCUsername': 'tim.breidenbach', 'UMCSessionId': 'f4219e51-7e96-40df-8bde-bdsc6f6104c8', 'SimpleSAMLSessionID': '945e11ee8e72a4b21fe22dcd605ed170', 'SimpleSAMLAuthToken': '_7bbe4616ca9ac4e9f566cdf0fdbc4319ee89e93cae'}
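
Added example, not part of any comment above and not Univention's code: one way to address both reports, taking the log level from configuration instead of a hardcoded logging.DEBUG and redacting session cookie values before a record is written. The PORTAL_LOG_LEVEL variable, the portal_example logger name and the cookie values are assumptions made for illustration; only the cookies-dict form from the portal.log excerpt is covered, not the bare session ID in the UCS 4.4-4 syslog lines.

```python
import io
import logging
import os
import re

# Cookie names as they appear in the portal.log excerpt on this page.
SENSITIVE_COOKIES = ("UMCSessionId", "SimpleSAMLSessionID", "SimpleSAMLAuthToken")
# Matches 'Name': 'value' pairs as rendered when a cookies dict is formatted.
_PAIR = re.compile(r"(['\"](?:%s)['\"]\s*:\s*['\"])[^'\"]*" % "|".join(SENSITIVE_COOKIES))

def redact(text):
    """Replace the value of each sensitive cookie with a fixed marker."""
    return _PAIR.sub(r"\1<redacted>", text)

class CookieRedactingFilter(logging.Filter):
    """Redact after interpolation so lazily formatted arguments are covered."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = None  # message is already fully formatted
        return True

def configure(level_name=None, stream=None, root="portal_example"):
    """Attach one redacting handler; the level comes from configuration."""
    # PORTAL_LOG_LEVEL and the logger name are hypothetical, not UCS settings.
    name = (level_name or os.environ.get("PORTAL_LOG_LEVEL", "INFO")).upper()
    level = getattr(logging, name, None)
    if not isinstance(level, int):
        level = logging.INFO  # unknown value: fall back to a quiet default
    handler = logging.StreamHandler(stream)
    # The filter sits on the handler so records from child loggers pass it too.
    handler.addFilter(CookieRedactingFilter())
    handler.setFormatter(logging.Formatter("%(levelname)s:%(name)s:%(message)s"))
    logger = logging.getLogger(root)
    logger.handlers[:] = [handler]
    logger.setLevel(level)
    logger.propagate = False
    return logger

def demo(level_name):
    """Log one constructed request at the given level and return the output."""
    out = io.StringIO()
    configure(level_name, out)
    cookies = {"UMCLang": "de-DE", "UMCSessionId": "constructed-session-id",
               "SimpleSAMLAuthToken": "_constructed-token"}
    logging.getLogger("portal_example.user").debug("searching user for cookies=%r", cookies)
    return out.getvalue()
```

Redaction is a second line of defence for sites that deliberately enable DEBUG; with the default level the cookie line is not emitted at all.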