"Denied PUBLISH" messages are only logged as debug messages
rovo89 opened this issue · comments
This might be a feature, not a bug, but I feel that "Denied PUBLISH" messages should be logged in the default configuration. Currently, the two messages use MOSQ_LOG_DEBUG
. I think they should be moved to MOSQ_LOG_WARNING
(or some other log level that is enabled by default). Not necessarily MOSQ_LOG_ERR
because it's not a problem with Mosquitto itself.
Rationale: I expect that ACLs are usually a safety net, i.e. under normal circumstances, every client only publishes/subscribes to topics they're authorized for. But in case of trespassing, I would like to know about it. Right now, I would have to keep log_level debug
enabled permanently, but that generates a lot of messages. In my opinion, debug messages should confirm that things are running as expected and provide more information about these things (e.g. "Sending PUBLISH"), but if something unexpected happens, it should get a higher log level.
I went through the uses of MOSQ_LOG_DEBUG
and found that most cases are indeed "additional information about expected behavior", but the following messages are about unexpected behaviors:
mosquitto/src/handle_publish.c
Lines 250 to 253 in 15292b2
mosquitto/src/handle_publish.c
Lines 277 to 280 in 15292b2
mosquitto/src/handle_publish.c
Line 229 in 15292b2
mosquitto/src/handle_connect.c
Line 391 in 15292b2
Line 145 in 15292b2
Line 421 in 15292b2
Line 119 in 15292b2
Line 138 in 15292b2
And maybe some of the messages in https://github.com/eclipse/mosquitto/blob/master/lib/net_mosq_ocsp.c.
Would you please consider changing the log level for them?