eclipse / mosquitto

This might be a feature, not a bug, but I feel that "Denied PUBLISH" messages should be logged in the default configuration. Currently, the two messages use MOSQ_LOG_DEBUG. I think they should be moved to MOSQ_LOG_WARNING (or some other log level that is enabled by default). Not necessarily MOSQ_LOG_ERR because it's not a problem with Mosquitto itself.

Rationale: I expect that ACLs are usually a safety net, i.e. under normal circumstances, every client only publishes/subscribes to topics they're authorized for. But in case of trespassing, I would like to know about it. Right now, I would have to keep log_level debug enabled permanently, but that generates a lot of messages. In my opinion, debug messages should confirm that things are running as expected and provide more information about these things (e.g. "Sending PUBLISH"), but if something unexpected happens, it should get a higher log level.

I went through the uses of MOSQ_LOG_DEBUG and found that most cases are indeed "additional information about expected behavior", but the following messages are about unexpected behaviors:

mosquitto/src/handle_publish.c

Lines 250 to 253 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, 
        
           		"Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", 
        
           		context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, 
        
           		(long)msg->payloadlen);

mosquitto/src/handle_publish.c

Lines 277 to 280 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, 
        
           		"Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", 
        
           		context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, 
        
           		(long)msg->payloadlen);

mosquitto/src/handle_publish.c

Line 229 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Dropped too large PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))", context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic, (long)msg->payloadlen);

mosquitto/src/handle_connect.c

Line 391 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Client %s connected with too large Will payload", client_id);

mosquitto/lib/property_mosq.c

Line 145 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Unsupported property type: %d", property_identifier);

mosquitto/lib/property_mosq.c

Line 421 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Unsupported property type: %d", property->identifier);

mosquitto/src/mux_epoll.c

Line 119 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll re-registering to EPOLLOUT: %s", strerror(errno));

mosquitto/src/mux_epoll.c

Line 138 in 15292b2

    
           log__printf(NULL, MOSQ_LOG_DEBUG, "Error in epoll re-registering to EPOLLIN: %s", strerror(errno));

And maybe some of the messages in https://github.com/eclipse/mosquitto/blob/master/lib/net_mosq_ocsp.c.

Would you please consider changing the log level for them?

	log__printf(NULL, MOSQ_LOG_DEBUG,
	"Denied PUBLISH from %s (d%d, q%d, r%d, m%d, '%s', ... (%ld bytes))",
	context->id, dup, msg->qos, msg->retain, msg->source_mid, msg->topic,
	(long)msg->payloadlen);

"Denied PUBLISH" messages are only logged as debug messages