Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NRDB attribute limit check can fill the disk with logs if the values are too big (even when verbose is disabled) | Expose sensitive data #866

Open
cristianciutea opened this issue Dec 16, 2021 · 1 comment
Open

NRDB attribute limit check can fill the disk with logs if the values are too big (even when verbose is disabled) | Expose sensitive data #866

cristianciutea opened this issue Dec 16, 2021 · 1 comment
Labels
accepted-jira logging triage/accepted Indicates an issue or PR is ready to be actively worked on.

Comments

@cristianciutea
Copy link
Contributor

cristianciutea commented Dec 16, 2021
edited by brushknight
Loading

We are logging the attribute truncate messages with warnings which can cause the log file to grow a lot when the values truncated are big.

I propose to evaluate if the log level should be changed or if we should log them just one time.

https://newrelic.atlassian.net/jira/software/c/projects/GTSE/boards/1186?modal=detail&selectedIssue=GTSE-12808

	if truncated {
		aclog.
			WithField("entity_key", entityKey.String()).
			WithField("length", metric.NRDBLimit).
			WithField("original", origValue).
			WithField("truncated", fmt.Sprintf("+%v", event)).
			Warn("event truncated to NRDB limit")
	}

Also, this can leak sensitive data.
@brushknight brushknight changed the title NRDB attribute limit check can fill the disk with logs if the values are too big (even when verbose is disabled) NRDB attribute limit check can fill the disk with logs if the values are too big (even when verbose is disabled) | Expose sensitive data Jan 31, 2022
@davidgit davidgit added bug Categorizes issue or PR as related to a bug. triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed triage/in-progress labels Feb 3, 2022
@josemore josemore added accepted-jira and removed bug Categorizes issue or PR as related to a bug. labels Sep 5, 2022
@josemore
Copy link
Contributor

This is still logged as warning, should probably be moved to debug.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
accepted-jira logging triage/accepted Indicates an issue or PR is ready to be actively worked on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@davidgit @josemore @cristianciutea