Item13063: Configure needs to log changes

pencil
Priority: Urgent
Current State: Closed
Released In: 1.2.0
Target Release: minor
Applies To: Engine
Component: Configure
Branches: master
Reported By: GeorgeClark
Waiting For:
Last Change By: GeorgeClark
Foswiki 1.1.x logs each configuration change to working/logs/configure.log. This is missing in the reworked configure. (Below capture from 1.1.3) In addition to changes, it also logs authentication failures

| Mon Sep 19 13:26:33 2011 | OlivierRaginel | 11.22.33.44 | {Password} | AUTHENTICATION FAILURE |
| Thu Sep 22 15:50:00 2011 | GeorgeClark | 55.66.77.88 | {Store}{Implementation} | Foswiki::Store::RcsLite |

Also, Foswiki 1.2 prior to the reworked configure also logged an optional description of the change:

# -------- Start of Update --------
# There is a SVN checkout issue for SlideShowPlugin due to a tree conflict.  This needs to be resolved.
| Sun Mar 16 04:11:54 2014 | GeorgeClark | 11.22.33.44 | {Plugins}{SlideShowPlugin}{Enabled} | 0 |
# --------- End of Update ---------

At a minimum, 1.2 needs to log:
  • Before/After of each changed element (redacting passwords)
  • Rejected attempts to access configure.

A short comment / description of the change would be nice to have.

-- GeorgeClark - 02 Nov 2014

Decided to implement configure logging using the currently unused "notice" log level. Configure will use the hash calling convention
            $this->{logger}->log(
                {
                    level      => 'notice',
                    action   => 'save',
                    setting  =>  '{SomeField}{Keys}' ,
                    oldvalue =>  'old value',
                    newvalue =>  'new value',

The authenticated session user, and remote IP will be logged automatically. Log format:
| timestamp level | user | remoteIP | setting | oldvalue | newvalue |

Foswiki::Logger::getOldCall() will convert the hash format back to an array that the PlainFile and Compatibility loggers understand. LogDispatch will define the layout with it's field tokens.

-- GeorgeClark - 06 Nov 2014

When configure is called from the shell, no session exists and the logger is unable to log. To avoid a fault, skipping the logger calls when no session exists. It would be preferable to initialize the logger.

-- GeorgeClark - 08 Nov 2014
 
Topic revision: r7 - 09 Dec 2014, GeorgeClark
The copyright of the content on this website is held by the contributing authors, except where stated elsewhere. See Copyright Statement. Creative Commons License    Legal Imprint    Privacy Policy