[
https://issues.apache.org/jira/browse/SOLR-14138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17001774#comment-17001774
]
Jan Høydahl commented on SOLR-14138:
------------------------------------
+1
I recently missed some Jetty logging when debugging SSL handshake problems and
having jetty logs around would help.
Is there a way we can control enabling jetty request log through an env var
instead of having to edit xml?
> Fix commented-out RequestLog in jetty.xml to use non-deprecated class
> ---------------------------------------------------------------------
>
> Key: SOLR-14138
> URL: https://issues.apache.org/jira/browse/SOLR-14138
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
>
> Currently the jetty request logging is disabled (commented out).
> But it can be useful, e.g. since it uses a standard logging format and there
> are tools to analyze it by default. Also it can be used to detect some
> attacks not otherwise logged anywhere else, since they don't make it to solr
> servlet: requests blocked at the jetty level (invalid/malformed requests,
> ones filtered by jetty IP filtering, etc).
> We should switch it from the deprecated NCSARequestLog class, instead to use
> the CustomRequestLog with either NCSA_FORMAT or EXTENDED_NCSA_FORMAT.
> {quote}
> Deprecated.
> use CustomRequestLog given format string
> CustomRequestLog.EXTENDED_NCSA_FORMAT with a RequestLogWriter
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
