It looks like the HTTP:BL registers an "alert" - the second highest level of watchdog log type - whenever an IP address is banned. I would like to argue that this is the wrong logging level.

We monitor our sites for critical error conditions - but blacklisting is a normal part of the use of this module. An alert suggests immediate action needs to be taken, and our monitoring systems treat it accordingly.

In httbl.module, line 486:
watchdog('httpbl', '%ip failed session whitelist request, blacklisted for %return_date.', array('%ip' => $ip, '%return_date' => $return_date), WATCHDOG_ALERT, $iplink);

This line is triggered when someone is blacklisted via http:bl. However, WATCHDOG_ALERT seems like the wrong setting for this. I'd recommend instead WATCHDOG_WARNING. Or possibly WATCHDOG_ERROR. Certainly not above that. See here: https://api.drupal.org/api/drupal/includes%21bootstrap.inc/function/watc....

I would be happy to submit a patch for this on the latest Dev version, if the author agrees that this should change.

CommentFileSizeAuthor
#2 httpbl.module.patch1.79 KBk.elizabeth
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

k.elizabeth created an issue. See original summary.

k.elizabeth’s picture

k.elizabeth CreditAttribution: k.elizabeth commented
Status: Needs work » Patch (to be ported)
FileSize
httpbl.module.patch1.79 KB

I am submitting a patch to 7.x-1.x-dev for review that addresses this issue. All instances of WATCHDOG_ALERT are changed to WATCHDOG_WARNING.

bryrock’s picture

bryrock CreditAttribution: bryrock as a volunteer commented
Status: Patch (to be ported) » Fixed

Thanks for the fix. It's been committed.

If anyone is interested there is (finally) a D8 dev release. It's all new and radically different. The old records are now manageable "Host' entities, with core services handling the entity and storage management (no more hand-painted SQL).

The old Views reports are gone, and have been replaced by an Admin View where you can manage the hosts (if you're so inclined), including a bunch of bulk actions.

And the logging logic is all entirely out of the way of the mainline logic. You want to log a debug message, just go ahead and do it, and a LogTrapper service (httpbl exclusive!) then decides whether or not to actually send it, based on the config.

bryrock’s picture

bryrock CreditAttribution: bryrock as a volunteer commented
Version: 7.x-1.x-dev » 7.x-1.1-rc1

Fix included in release candidate 7.x-1.1-rc1.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.