Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Denied PUBLISH" messages are only logged as debug messages #3020

Open
rovo89 opened this issue Mar 18, 2024 · 0 comments
Open

"Denied PUBLISH" messages are only logged as debug messages #3020

rovo89 opened this issue Mar 18, 2024 · 0 comments

Comments

@rovo89
Copy link

rovo89 commented Mar 18, 2024

This might be a feature, not a bug, but I feel that "Denied PUBLISH" messages should be logged in the default configuration. Currently, the two messages use MOSQ_LOG_DEBUG. I think they should be moved to MOSQ_LOG_WARNING (or some other log level that is enabled by default). Not necessarily MOSQ_LOG_ERR because it's not a problem with Mosquitto itself.

Rationale: I expect that ACLs are usually a safety net, i.e. under normal circumstances, every client only publishes/subscribes to topics they're authorized for. But in case of trespassing, I would like to know about it. Right now, I would have to keep log_level debug enabled permanently, but that generates a lot of messages. In my opinion, debug messages should confirm that things are running as expected and provide more information about these things (e.g. "Sending PUBLISH"), but if something unexpected happens, it should get a higher log level.

I went through the uses of MOSQ_LOG_DEBUG and found that most cases are indeed "additional information about expected behavior", but the following messages are about unexpected behaviors:

mosquitto/src/handle_publish.c

Lines 250 to 253 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG,
"Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))",
context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic,
(long)msg->payloadlen);

mosquitto/src/handle_publish.c

Lines 277 to 280 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG,
"Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))",
context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic,
(long)msg->payloadlen);

mosquitto/src/handle_publish.c

Line 229 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Dropped too large PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen);

mosquitto/src/handle_connect.c

Line 391 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Client %s connected with too large Will payload", client_id);

mosquitto/lib/property_mosq.c

Line 145 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Unsupported property type: %d", property_identifier);

mosquitto/lib/property_mosq.c

Line 421 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Unsupported property type: %d", property->identifier);

mosquitto/src/mux_epoll.c

Line 119 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll re-registering to EPOLLOUT: %s", strerror(errno));

mosquitto/src/mux_epoll.c

Line 138 in 15292b2

log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll re-registering to EPOLLIN: %s", strerror(errno));

And maybe some of the messages in https://github.com/eclipse/mosquitto/blob/master/lib/net_mosq_ocsp.c.

Would you please consider changing the log level for them?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@rovo89