Providing a flag to hide log lines from the web interface #305
Labels
enhancement
This is considered a feature request, not currently guaranteed by the code or design today
mtail-Operating
Issues related to deploying and running mtail
Comments
|
Why do you want to turn that feature off?
…On Sun, 29 Mar 2020, 22:51 Guillaume ESPANEL, ***@***.***> wrote:
Hello!
currently, mtail can expose log lines through the web interface (for
example through the /progz endpoint) when they cause a program to fail (eg.
by trying to compare a string with an int).
What is your opinion on having a command line flag that would prevent
these log lines to be exposed through the web interface?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#305>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXFX63M5IVKOYY2EQECJ3DRJ4Y47ANCNFSM4LV6CIOQ>
.
|
|
In some cases, logs may contain sensitive information (think for example, a username, or an IP address) that would be better not to expose. When things are working nicely, this shouldn't be a problem. But if the application log format changes and breaks the mtail program, it could become an information leak. |
|
Yep that makes sense. Do you not firewall the mtail port though?
…On Mon, 30 Mar 2020, 21:37 Guillaume ESPANEL, ***@***.***> wrote:
In some cases, logs may contain sensitive information (think for example,
a username, or an IP address) that would be better not to expose.
When things are working nicely, this shouldn't be a problem. But if the
application log format changes and breaks the mtail program, it could
become an information leak.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#305 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXFX64TUQCYG5NX7TBNN6DRKBY7ZANCNFSM4LV6CIOQ>
.
|
|
We sure would firewall it :p! |
|
That's a good reason!
…On Tue, 31 Mar 2020 at 21:18, Guillaume ESPANEL ***@***.***> wrote:
We sure would firewall it :p!
But the people who have shell access to Prometheus (to edit its config for
example) do not necessarily have access to sensitive logs.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#305 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAXFX64NECVPCDLJKE3EN2TRKG7P7ANCNFSM4LV6CIOQ>
.
|
jaqx0r
added
enhancement
robert-heinzmann-logmein
added a commit
to robert-heinzmann-logmein/mtail
that referenced
this issue
Jul 29, 2022
robert-heinzmann-logmein
added a commit
to robert-heinzmann-logmein/mtail
that referenced
this issue
Jul 29, 2022
robert-heinzmann-logmein
added a commit
to robert-heinzmann-logmein/mtail
that referenced
this issue
Jul 29, 2022
robert-heinzmann-logmein
pushed a commit
to robert-heinzmann-logmein/mtail
that referenced
this issue
Jul 29, 2022
|
I reopened the original PR with a new branch. I also added an option to disable the /varz and /progz endpoints, as those could also leak some information that is not intended for public access as typically needed with prometheus. |
robert-heinzmann-logmein
pushed a commit
to robert-heinzmann-logmein/mtail
that referenced
this issue
Sep 15, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hello!
currently, mtail can expose log lines through the web interface (for example through the /progz endpoint) when they cause a program to fail (eg. by trying to compare a string with an int).
What is your opinion on having a command line flag that would prevent these log lines to be exposed through the web interface?
The text was updated successfully, but these errors were encountered: