Uploaded image for project: 'Red Hat Data Grid'
  1. Red Hat Data Grid
  2. JDG-7734

Enhance Hot Rod access logging to also log failed connection/authentication attempts.

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • RHDG Operator CSV 8.4.5 GA
    • None
    • None

      Currently, enabling access logging for Hot Rod and REST via log4j2.xml by setting the level to TRACE has different behaviors:

      <!-- Hot Rod access log -->
      <Logger name="org.infinispan.HOTROD_ACCESS_LOG" additivity="false" level="INFO">
      <AppenderRef ref="HR-ACCESS-FILE"/>
      </Logger>

      <!-- REST access log -->
      <Logger name="org.infinispan.REST_ACCESS_LOG" additivity="false" level="INFO">
      <AppenderRef ref="REST-ACCESS-FILE"/>
      </Logger>

      REST access log records both successful and failed requests, including unauthorized attempts (401).

      127.0.0.1 - [02/Sep/2025:11:50:16 +0200] "GET /rest/v2/server HTTP/1.1" 401 0 0 0
      127.0.0.1 - [02/Sep/2025:11:50:57 +0200] "GET /rest/v2/server HTTP/1.1" 401 0 0 1

      Hot Rod access log, instead, records only successful requests.

      127.0.0.1 - [02/Sep/2025:12:55:16 +0200] "PING // HOTROD/3.1" OK 162 123 1
      127.0.0.1 - [02/Sep/2025:12:55:16 +0200] "PING // HOTROD/3.1" OK 14 123 0

      Customers cannot see failed Hot Rod connection attempts (due to invalid credentials).

      In environments with many clients, it becomes impossible to identify which clients are failing authentication, since their IPs are not logged.

      This is inconsistent with REST access logging and reduces observability.

      By making Hot Rod access logs include also failed authentication attemps as in the REST access logs allows admins to identify misconfigured or unauthorized clients by their IP addresses.

              rh-ee-jbolina Jose Bolina
              dscrimie84 Davide Scrimieri
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: