mirror of
https://github.com/corda/corda.git
synced 2024-12-30 09:48:59 +00:00
835321bb70
Fixes DDoS attack mentioned on the Jira ticket. PR upgrades Artemis library to version 2.19.1. This is our own release of Apache Artemis library which has vulnerability fix for v2.20 applied. **_Breaking changes discovered during Artemis upgrade:_** 1. When the queue is created as temporary, it needs to explicitly be specified as non-durable. 2. By default, Artemis Client performs Host DNS name check against the certificate presented by the server. Our TLS certificates fail this check and this verification has to be explicitly disabled, see use of: `TransportConstants.VERIFY_HOST_PROP_NAME`. 3. Artemis Server now caches login attempts, even unsuccessful ones. When we add RPC users dynamically via DB insert this may have an unexpected outcome if the user with the same `userName` and `password` was not available previously. To workaround permissions changing dynamically, authorization and authentication caches had to be disabled. 4. When computing `maxMessageSize`, the size of the headers content is now taken into account as well. 5. Artemis handling of start-up errors has changed. E.g. when the port is already bound. 6. A number of deprecated APIs like: `createTemporaryQueue`, `failoverOnInitialAttempt`, `NullOutputStream`, `CoreQueueConfiguration`. 7. Log warning message is produced like: `AMQ212080: Using legacy SSL store provider value: JKS. Please use either 'keyStoreType' or 'trustStoreType' instead as appropriate.` 8. As reported by QA, Artemis now produces more audit logging more details [here](https://r3-cev.atlassian.net/browse/ENT-6540). Log configuration been adjusted to reduce such output.
222 lines
10 KiB
XML
222 lines
10 KiB
XML
<?xml version="1.0" encoding="UTF-8"?>
|
|
<Configuration status="info" shutdownHook="disable">
|
|
|
|
<Properties>
|
|
<Property name="log-path">${sys:log-path:-logs}</Property>
|
|
<Property name="log-name">node-${hostName}</Property>
|
|
<Property name="diagnostic-log-name">diagnostic-${hostName}</Property>
|
|
<Property name="archive">${log-path}/archive</Property>
|
|
<Property name="defaultLogLevel">${sys:defaultLogLevel:-info}</Property>
|
|
<Property name="consoleLogLevel">${sys:consoleLogLevel:-error}</Property>
|
|
</Properties>
|
|
|
|
<Appenders>
|
|
<ScriptAppenderSelector name="Console-Selector">
|
|
<Script language="nashorn"><![CDATA[
|
|
var System = Java.type('java.lang.System');
|
|
var level = System.getProperty("consoleLogLevel");
|
|
var enabled = System.getProperty("consoleLoggingEnabled");
|
|
enabled == "true" && (level == "debug" || level == "trace") ? "Console-Debug-Appender" : "Console-Appender";
|
|
]]></Script>
|
|
<AppenderSet>
|
|
|
|
<!-- The default console appender - prints no exception information -->
|
|
<Console name="Console-Appender" target="SYSTEM_OUT">
|
|
<PatternLayout>
|
|
<ScriptPatternSelector
|
|
defaultPattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg%n%throwable{0}}{INFO=white,WARN=red,FATAL=bright red}">
|
|
<Script name="MDCSelector" language="javascript"><![CDATA[
|
|
result = null;
|
|
if (!logEvent.getContextData().size() == 0) {
|
|
result = "WithMDC";
|
|
} else {
|
|
result = null;
|
|
}
|
|
result;
|
|
]]>
|
|
</Script>
|
|
<PatternMatch key="WithMDC" pattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg %X%n%throwable{0}}{INFO=white,WARN=red,FATAL=bright red}"/>
|
|
</ScriptPatternSelector>
|
|
</PatternLayout>
|
|
</Console>
|
|
|
|
<!-- The console appender when debug or trace level logging is specified. Prints full stack trace -->
|
|
<Console name="Console-Debug-Appender" target="SYSTEM_OUT">
|
|
<PatternLayout>
|
|
<ScriptPatternSelector defaultPattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg%n%throwable{}}{INFO=white,WARN=red,FATAL=bright red}">
|
|
<Script name="MDCSelector" language="javascript"><![CDATA[
|
|
result = null;
|
|
if (!logEvent.getContextData().size() == 0) {
|
|
result = "WithMDC";
|
|
} else {
|
|
result = null;
|
|
}
|
|
result;
|
|
]]>
|
|
</Script>
|
|
<PatternMatch key="WithMDC" pattern="%highlight{[%level{length=5}] %date{HH:mm:ssZ} [%t] %c{2}.%method - %msg %X%n%throwable{}}{INFO=white,WARN=red,FATAL=bright red}"/>
|
|
</ScriptPatternSelector>
|
|
</PatternLayout>
|
|
</Console>
|
|
</AppenderSet>
|
|
</ScriptAppenderSelector>
|
|
|
|
<!-- Required for printBasicInfo -->
|
|
<Console name="Console-Appender-Println" target="SYSTEM_OUT">
|
|
<PatternLayout pattern="%msg%n%throwable{0}" />
|
|
</Console>
|
|
|
|
<!-- Will generate up to 500 log files for a given day. Adjust this number according to the available storage.
|
|
During every rollover it will delete those that are older than 60 days, but keep the most recent 10 GB -->
|
|
<RollingRandomAccessFile name="RollingFile-Appender"
|
|
fileName="${log-path}/${log-name}.log"
|
|
filePattern="${archive}/${log-name}.%date{yyyy-MM-dd}-%i.log.gz">
|
|
|
|
<PatternLayout>
|
|
<ScriptPatternSelector defaultPattern="[%-5level] %date{ISO8601}{UTC}Z [%t] %c{2}.%method - %msg%n">
|
|
<Script name="MDCSelector" language="javascript"><![CDATA[
|
|
result = null;
|
|
if (!logEvent.getContextData().size() == 0) {
|
|
result = "WithMDC";
|
|
} else {
|
|
result = null;
|
|
}
|
|
result;
|
|
]]>
|
|
</Script>
|
|
<PatternMatch key="WithMDC" pattern="[%-5level] %date{ISO8601}{UTC}Z [%t] %c{2}.%method - %msg %X%n"/>
|
|
</ScriptPatternSelector>
|
|
</PatternLayout>
|
|
|
|
<Policies>
|
|
<TimeBasedTriggeringPolicy/>
|
|
<SizeBasedTriggeringPolicy size="100MB"/>
|
|
</Policies>
|
|
|
|
<DefaultRolloverStrategy min="1" max="500">
|
|
<Delete basePath="${archive}" maxDepth="1">
|
|
<IfFileName glob="${log-name}*.log.gz"/>
|
|
<IfLastModified age="60d">
|
|
<IfAny>
|
|
<IfAccumulatedFileSize exceeds="10 GB"/>
|
|
</IfAny>
|
|
</IfLastModified>
|
|
</Delete>
|
|
</DefaultRolloverStrategy>
|
|
|
|
</RollingRandomAccessFile>
|
|
|
|
<!-- Will generate up to 100 log files for a given day. During every rollover it will delete
|
|
those that are older than 60 days, but keep the most recent 10 GB -->
|
|
<RollingRandomAccessFile name="Diagnostic-RollingFile-Appender"
|
|
fileName="${log-path}/${diagnostic-log-name}.log"
|
|
filePattern="${archive}/${diagnostic-log-name}.%date{yyyy-MM-dd}-%i.log.gz">
|
|
|
|
<PatternLayout>
|
|
<ScriptPatternSelector defaultPattern="[%-5level] %date{ISO8601}{UTC}Z [%t] %c{2}.%method - %msg%n">
|
|
<Script name="MDCSelector" language="javascript"><![CDATA[
|
|
result = null;
|
|
if (!logEvent.getContextData().size() == 0) {
|
|
result = "WithMDC";
|
|
} else {
|
|
result = null;
|
|
}
|
|
result;
|
|
]]>
|
|
</Script>
|
|
<PatternMatch key="WithMDC" pattern="[%-5level] %date{ISO8601}{UTC}Z [%t] %c{2}.%method - %msg %X%n"/>
|
|
</ScriptPatternSelector>
|
|
</PatternLayout>
|
|
|
|
<Policies>
|
|
<TimeBasedTriggeringPolicy/>
|
|
<SizeBasedTriggeringPolicy size="100MB"/>
|
|
</Policies>
|
|
|
|
<DefaultRolloverStrategy min="1" max="100">
|
|
<Delete basePath="${archive}" maxDepth="1">
|
|
<IfFileName glob="${log-name}*.log.gz"/>
|
|
<IfLastModified age="60d">
|
|
<IfAny>
|
|
<IfAccumulatedFileSize exceeds="10 GB"/>
|
|
</IfAny>
|
|
</IfLastModified>
|
|
</Delete>
|
|
</DefaultRolloverStrategy>
|
|
|
|
</RollingRandomAccessFile>
|
|
|
|
<RollingFile name="Checkpoint-Agent-RollingFile-Appender"
|
|
fileName="${log-path}/checkpoints_agent-${date:yyyyMMdd-HHmmss}.log"
|
|
filePattern="${archive}/checkpoints_agent.%date{yyyy-MM-dd}-%i.log.gz">
|
|
|
|
<PatternLayout pattern="[%-5level] %date{ISO8601}{UTC}Z [%t] %c{2}.%method - %msg%n"/>
|
|
|
|
<Policies>
|
|
<TimeBasedTriggeringPolicy/>
|
|
<SizeBasedTriggeringPolicy size="100MB"/>
|
|
</Policies>
|
|
|
|
<DefaultRolloverStrategy min="1" max="100">
|
|
<Delete basePath="${archive}" maxDepth="1">
|
|
<IfFileName glob="${log-name}*.log.gz"/>
|
|
<IfLastModified age="60d">
|
|
<IfAny>
|
|
<IfAccumulatedFileSize exceeds="10 GB"/>
|
|
</IfAny>
|
|
</IfLastModified>
|
|
</Delete>
|
|
</DefaultRolloverStrategy>
|
|
|
|
</RollingFile>
|
|
|
|
<Rewrite name="Console-ErrorCode-Selector">
|
|
<AppenderRef ref="Console-Selector"/>
|
|
</Rewrite>
|
|
|
|
<Rewrite name="Console-ErrorCode-Appender-Println">
|
|
<AppenderRef ref="Console-Appender-Println"/>
|
|
</Rewrite>
|
|
|
|
<Rewrite name="RollingFile-ErrorCode-Appender">
|
|
<AppenderRef ref="RollingFile-Appender"/>
|
|
</Rewrite>
|
|
<Rewrite name="Diagnostic-RollingFile-ErrorCode-Appender">
|
|
<AppenderRef ref="Diagnostic-RollingFile-Appender"/>
|
|
</Rewrite>
|
|
</Appenders>
|
|
|
|
<Loggers>
|
|
<Root level="${defaultLogLevel}">
|
|
<AppenderRef ref="Console-ErrorCode-Selector" level="${consoleLogLevel}"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Root>
|
|
<Logger name="BasicInfo" additivity="false">
|
|
<AppenderRef ref="Console-ErrorCode-Appender-Println"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="org.hibernate" level="warn" additivity="false">
|
|
<AppenderRef ref="Diagnostic-RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="org.hibernate.SQL" level="info" additivity="false">
|
|
<AppenderRef ref="Console-ErrorCode-Selector"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="org.apache.activemq.artemis.core.server" level="error" additivity="false">
|
|
<AppenderRef ref="Console-ErrorCode-Selector"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="org.apache.activemq.audit" level="error" additivity="false">
|
|
<AppenderRef ref="Console-ErrorCode-Selector"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="org.jolokia" additivity="true" level="warn">
|
|
<AppenderRef ref="Console-ErrorCode-Appender-Println"/>
|
|
<AppenderRef ref="RollingFile-ErrorCode-Appender"/>
|
|
</Logger>
|
|
<Logger name="CheckpointAgent" level="debug" additivity="false">
|
|
<AppenderRef ref="Checkpoint-Agent-RollingFile-Appender"/>
|
|
</Logger>
|
|
</Loggers>
|
|
</Configuration>
|