[
https://issues.apache.org/jira/browse/SOLR-14138?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17001776#comment-17001776
]
Robert Muir commented on SOLR-14138:
------------------------------------
i can investigate it. i would like to make it easier since these logs contain
ip address and are easy to process. Maybe its not easy to conditionalize with
the current start.jar approach, but maybe there is a simple way. At the least
lets get off the deprecated class.
> Fix commented-out RequestLog in jetty.xml to use non-deprecated class
> ---------------------------------------------------------------------
>
> Key: SOLR-14138
> URL: https://issues.apache.org/jira/browse/SOLR-14138
> Project: Solr
> Issue Type: Improvement
> Security Level: Public(Default Security Level. Issues are Public)
> Reporter: Robert Muir
> Priority: Major
>
> Currently the jetty request logging is disabled (commented out).
> But it can be useful, e.g. since it uses a standard logging format and there
> are tools to analyze it by default. Also it can be used to detect some
> attacks not otherwise logged anywhere else, since they don't make it to solr
> servlet: requests blocked at the jetty level (invalid/malformed requests,
> ones filtered by jetty IP filtering, etc).
> We should switch it from the deprecated NCSARequestLog class, instead to use
> the CustomRequestLog with either NCSA_FORMAT or EXTENDED_NCSA_FORMAT.
> {quote}
> Deprecated.
> use CustomRequestLog given format string
> CustomRequestLog.EXTENDED_NCSA_FORMAT with a RequestLogWriter
> {quote}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@lucene.apache.org
For additional commands, e-mail: issues-h...@lucene.apache.org
