Elastic Social Manual / Version 2107
Table Of ContentsCoreMedia Elastic Social controls and processes personal data. Thus it is important to deal carefully with data logged by applications having Elastic Social enabled. In general it is advisable to turn off any debug logging and below as debug logging events might contain further personal data.
SLF4j Logging Markers
Logging events containing personal data or which might contain personal data are marked with so called
SLF4j Logging Markers.
There are two markers in
BaseMarker
dedicated to mark personal data logging events:
-
PERSONAL_DATA
("personalData"
) - Marks any logging event revealing personal data
-
UNCLASSIFIED_PERSONAL_DATA
("unclassified PersonalData"
) - Marks any logging event possibly revealing personal data. One example are logged exception stacktraces which are raised by third-party libraries where you have no control if any of your personal data you handed over to the library will be mentioned in the exception message. You should expect many false-positives in unclassified personal data logging events.
Logback Marker Filters
The SLF4j Logging Markers can be used to configure Logback, so that logging events containing personal data can either be ignored or redirected to dedicated files which for example are better secured. To do so, configure Logback Filters.
<appender name="personalData" class="ch.qos.logback.core.rolling.RollingFileAppender" additivity="false"> <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> <evaluator class="ch.qos.logback.classic.boolex.OnMarkerEvaluator"> <marker>personalData</marker> </evaluator> <OnMismatch>DENY</OnMismatch> <OnMatch>ACCEPT</OnMatch> </filter> <file>personalData.log</file> [...] </appender>
Example 3.1. Logback Filtering using OnMarkerEvaluator
Example 3.1, “Logback Filtering using OnMarkerEvaluator” shows an example which will redirect any personal data logging events to an extra file and remove it from other files. This includes events which contain personal data and those which might contain personal data (unclassified).
<appender name="personalData" class="ch.qos.logback.core.rolling.RollingFileAppender" additivity="false"> <filter class="ch.qos.logback.core.filter.EvaluatorFilter"> <evaluator> <expression><![CDATA[ return marker != null && marker.contains("personalData") && !marker.contains("unclassifiedPersonalData") ; ]]></expression> </evaluator> <OnMismatch>DENY</OnMismatch> <OnMatch>ACCEPT</OnMatch> </filter> <file>personalData.log</file> [...] </appender>
Example 3.2. Logback Filtering using JaninoEventEvaluator (default evaluator)
The Logback default evaluator provides more sophisticated control right within the logging configuration without providing a custom evaluator. Example 3.2, “Logback Filtering using JaninoEventEvaluator (default evaluator)” shows an example how to only filter those events which really contain personal data and ignore those which might contain false positives.
Identifying Elastic Social Applications
In order to adjust the logging configuration for Elastic Social it is important to know which applications
have Elastic Social enabled. To identify these applications you can search for transitive dependencies on any of
the Elastic Social modules with Maven groupId
com.coremedia.elastic.social
.
Example 3.3, “Elastic Social Applications Search”
shows how you might find such usages based on GNU Grep and xargs.
$ grep --recursive --files-with-matches --ignore-case \ --include "pom.xml" "<packaging>war</packaging>" | \ xargs --replace \ mvn --file {} dependency:tree \ -Dincludes="com.coremedia.elastic.social*::jar" -DoutputFile=$TMP/elastic-social-applications.txt \ -DappendOutput=true
Example 3.3. Elastic Social Applications Search
In default CoreMedia Blueprint the following applications use Elastic Social:
-
cae
-
es-worker-component
-
studio-client
-
studio-server
For details on application logging configuration see:
- Section 4.7, “Logging” in Operations Basics