From 7cff1e30c18f44dc799fd59daa4873e80155692c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Micha=C5=82=20Goworko?= <mgw@touk.pl>
Date: Thu, 27 Nov 2025 18:09:39 +0100
Subject: [PATCH 1/2] Use log4j2 config provided by customer

---
 ror-demo-cluster/conf/es/log4j2.properties | 183 +++++++++++++--------
 ror-demo-cluster/conf/es/readonlyrest.yml  |   4 +-
 utils/extract_license_edition.sh           |   2 +-
 3 files changed, 121 insertions(+), 68 deletions(-)

diff --git a/ror-demo-cluster/conf/es/log4j2.properties b/ror-demo-cluster/conf/es/log4j2.properties
index 1865d8e..452cd9c 100644
--- a/ror-demo-cluster/conf/es/log4j2.properties
+++ b/ror-demo-cluster/conf/es/log4j2.properties
@@ -15,71 +15,122 @@
 #     along with ReadonlyREST.  If not, see http://www.gnu.org/licenses/
 #
 #
-status=error
-# log actionPost execution errors for easier debugging
-logger.action.name=org.elasticsearch.action
-logger.action.level=info
-appender.console.type=Console
-appender.console.name=console
-appender.console.layout.type=PatternLayout
-appender.console.layout.pattern=[%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n
-appender.rolling.type=RollingFile
-appender.rolling.name=rolling
-appender.rolling.fileName=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
-appender.rolling.layout.type=PatternLayout
-appender.rolling.layout.pattern=[%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
-appender.rolling.filePattern=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}.log
-appender.rolling.policies.type=Policies
-appender.rolling.policies.time.type=TimeBasedTriggeringPolicy
-appender.rolling.policies.time.interval=1
-appender.rolling.policies.time.modulate=true
-rootLogger.level=info
-rootLogger.appenderRef.console.ref=console
-rootLogger.appenderRef.rolling.ref=rolling
-appender.deprecation_rolling.type=RollingFile
-appender.deprecation_rolling.name=deprecation_rolling
-appender.deprecation_rolling.fileName=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
-appender.deprecation_rolling.layout.type=PatternLayout
-appender.deprecation_rolling.layout.pattern=[%d{ISO8601}][%-5p][%-25c{1.}] %marker%.10000m%n
-appender.deprecation_rolling.filePattern=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.log.gz
-appender.deprecation_rolling.policies.type=Policies
-appender.deprecation_rolling.policies.size.type=SizeBasedTriggeringPolicy
-appender.deprecation_rolling.policies.size.size=1GB
-appender.deprecation_rolling.strategy.type=DefaultRolloverStrategy
-appender.deprecation_rolling.strategy.max=4
+status = error
+
+# log action execution errors for easier debugging
+logger.action.name = org.elasticsearch.action
+logger.action.level = debug
+
+appender.console.type = Console
+appender.console.name = console
+appender.console.layout.type = PatternLayout
+appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker%m%n
+
+appender.readonlyrest_audit_rolling.type = RollingFile
+appender.readonlyrest_audit_rolling.name = readonlyrest_audit_rolling
+appender.readonlyrest_audit_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}readonlyrest_audit.log
+appender.readonlyrest_audit_rolling.layout.type = PatternLayout
+appender.readonlyrest_audit_rolling.layout.pattern = [%d{ISO8601}] %m%n
+appender.readonlyrest_audit_rolling.filePattern = readonlyrest_audit-%i.log.gz
+appender.readonlyrest_audit_rolling.policies.type = Policies
+appender.readonlyrest_audit_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.readonlyrest_audit_rolling.policies.size.size = 1GB
+appender.readonlyrest_audit_rolling.strategy.type = DefaultRolloverStrategy
+appender.readonlyrest_audit_rolling.strategy.max = 4
+
+# Logger name, required, must be the same as the one defined in `readonlyrest.yml` audit configuration.
+# If a custom logger name is not defined there, then the default logger name is "readonlyrest_audit"
+logger.readonlyrest_audit.name = readonlyrest_audit
+logger.readonlyrest_audit.appenderRef.readonlyrest_audit_rolling.ref = readonlyrest_audit_rolling
+# set to false to use only desired appenders
+logger.readonlyrest_audit.additivity = false
+
+appender.rolling.type = RollingFile
+appender.rolling.name = rolling
+appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}.log
+appender.rolling.layout.type = PatternLayout
+appender.rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker%.-10000m%n
+appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.log.gz
+appender.rolling.policies.type = Policies
+appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.rolling.policies.time.interval = 1
+appender.rolling.policies.time.modulate = true
+appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.rolling.policies.size.size = 1024MB
+
+#appender.rolling.strategy.max = 50
+#appender.rolling.strategy.type = DefaultRolloverStrategy
+#appender.rolling.strategy.action.type = Delete
+#appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
+#appender.rolling.strategy.action.condition.type = IfLastModified
+#appender.rolling.strategy.action.condition.age = 7D
+#appender.rolling.strategy.action.PathConditions.type = IfFileName
+#appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.cluster_name}-*
+
+rootLogger.level = info
+rootLogger.appenderRef.console.ref = console
+rootLogger.appenderRef.rolling.ref = rolling
+
+appender.deprecation_rolling.type = RollingFile
+appender.deprecation_rolling.name = deprecation_rolling
+appender.deprecation_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation.log
+appender.deprecation_rolling.layout.type = PatternLayout
+appender.deprecation_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker%.-10000m%n
+appender.deprecation_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_deprecation-%i.log.gz
+appender.deprecation_rolling.policies.type = Policies
+appender.deprecation_rolling.policies.size.type = SizeBasedTriggeringPolicy
+appender.deprecation_rolling.policies.size.size = 1GB
+appender.deprecation_rolling.strategy.type = DefaultRolloverStrategy
+appender.deprecation_rolling.strategy.max = 4
 logger.deprecation.name = org.elasticsearch.deprecation
-logger.deprecation.level = deprecation
-logger.deprecation.appenderRef.header_warning.ref = header_warning
-logger.deprecation.appenderRef.deprecation_rolling.ref=deprecation_rolling
-logger.deprecation.additivity=false
-appender.index_search_slowlog_rolling.type=RollingFile
-appender.index_search_slowlog_rolling.name=index_search_slowlog_rolling
-appender.index_search_slowlog_rolling.fileName=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log
-appender.index_search_slowlog_rolling.layout.type=PatternLayout
-appender.index_search_slowlog_rolling.layout.pattern=[%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
-appender.index_search_slowlog_rolling.filePattern=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log
-appender.index_search_slowlog_rolling.policies.type=Policies
-appender.index_search_slowlog_rolling.policies.time.type=TimeBasedTriggeringPolicy
-appender.index_search_slowlog_rolling.policies.time.interval=1
-appender.index_search_slowlog_rolling.policies.time.modulate=true
-logger.index_search_slowlog_rolling.name=index.search.slowlog
-logger.index_search_slowlog_rolling.level=trace
-logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref=index_search_slowlog_rolling
-logger.index_search_slowlog_rolling.additivity=false
-appender.index_indexing_slowlog_rolling.type=RollingFile
-appender.index_indexing_slowlog_rolling.name=index_indexing_slowlog_rolling
-appender.index_indexing_slowlog_rolling.fileName=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log
-appender.index_indexing_slowlog_rolling.layout.type=PatternLayout
-appender.index_indexing_slowlog_rolling.layout.pattern=[%d{ISO8601}][%-5p][%-25c] %marker%.10000m%n
-appender.index_indexing_slowlog_rolling.filePattern=${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log
-appender.index_indexing_slowlog_rolling.policies.type=Policies
-appender.index_indexing_slowlog_rolling.policies.time.type=TimeBasedTriggeringPolicy
-appender.index_indexing_slowlog_rolling.policies.time.interval=1
-appender.index_indexing_slowlog_rolling.policies.time.modulate=true
-logger.index_indexing_slowlog.name=index.indexing.slowlog.index
-logger.index_indexing_slowlog.level=trace
-logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref=index_indexing_slowlog_rolling
-logger.index_indexing_slowlog.additivity=false
+logger.deprecation.level = warn
+logger.deprecation.appenderRef.deprecation_rolling.ref = deprecation_rolling
+logger.deprecation.additivity = false
+
+appender.index_search_slowlog_rolling.type = RollingFile
+appender.index_search_slowlog_rolling.name = index_search_slowlog_rolling
+appender.index_search_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog.log
+appender.index_search_slowlog_rolling.layout.type = PatternLayout
+appender.index_search_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] [%node_name]%marker%.-10000m%n
+appender.index_search_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_search_slowlog-%d{yyyy-MM-dd}.log.gz
+appender.index_search_slowlog_rolling.policies.type = Policies
+appender.index_search_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_search_slowlog_rolling.policies.time.interval = 1
+appender.index_search_slowlog_rolling.policies.time.modulate = true
+
+logger.index_search_slowlog_rolling.name = index.search.slowlog
+logger.index_search_slowlog_rolling.level = trace
+logger.index_search_slowlog_rolling.appenderRef.index_search_slowlog_rolling.ref = index_search_slowlog_rolling
+logger.index_search_slowlog_rolling.additivity = false
+
+appender.index_indexing_slowlog_rolling.type = RollingFile
+appender.index_indexing_slowlog_rolling.name = index_indexing_slowlog_rolling
+appender.index_indexing_slowlog_rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog.log
+appender.index_indexing_slowlog_rolling.layout.type = PatternLayout
+appender.index_indexing_slowlog_rolling.layout.pattern = [%d{ISO8601}][%-5p][%-25c] [%node_name]%marker%.-10000m%n
+appender.index_indexing_slowlog_rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_index_indexing_slowlog-%d{yyyy-MM-dd}.log.gz
+appender.index_indexing_slowlog_rolling.policies.type = Policies
+appender.index_indexing_slowlog_rolling.policies.time.type = TimeBasedTriggeringPolicy
+appender.index_indexing_slowlog_rolling.policies.time.interval = 1
+appender.index_indexing_slowlog_rolling.policies.time.modulate = true
+
+logger.index_indexing_slowlog.name = index.indexing.slowlog.index
+logger.index_indexing_slowlog.level = trace
+logger.index_indexing_slowlog.appenderRef.index_indexing_slowlog_rolling.ref = index_indexing_slowlog_rolling
+logger.index_indexing_slowlog.additivity = false
+
+#appender.rolling.strategy.max = 50
+appender.rolling.strategy.type = DefaultRolloverStrategy
+appender.rolling.strategy.action.type = Delete
+appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
+appender.rolling.strategy.action.PathConditions.type = IfFileName
+appender.rolling.strategy.action.PathConditions.glob = ${sys:es.logs.cluster_name}*
 
-logger.ror.name=tech.beshu.ror.accesscontrol.blocks.rules.elasticsearch.indices
-logger.ror.level=info
\ No newline at end of file
+appender.rolling.strategy.action.condition.type = IfFileName
+appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}*
+#delete old logs after 7 days or when exceeding 39.5 GB
+appender.rolling.strategy.action.condition.nested_condition.type = IfAny
+appender.rolling.strategy.action.condition.nested_condition.fileSize.type = IfAccumulatedFileSize
+appender.rolling.strategy.action.condition.nested_condition.fileSize.exceeds = 39.5GB
+appender.rolling.strategy.action.condition.nested_condition.lastMod.type = IfLastModified
+appender.rolling.strategy.action.condition.nested_condition.lastMod.age = 7D
diff --git a/ror-demo-cluster/conf/es/readonlyrest.yml b/ror-demo-cluster/conf/es/readonlyrest.yml
index 252c463..58497be 100644
--- a/ror-demo-cluster/conf/es/readonlyrest.yml
+++ b/ror-demo-cluster/conf/es/readonlyrest.yml
@@ -2,7 +2,9 @@ readonlyrest:
 
   audit:
     enabled: true
-    outputs: [index]
+    outputs:
+      - type: index
+      - type: log
 
   access_control_rules:
 
diff --git a/utils/extract_license_edition.sh b/utils/extract_license_edition.sh
index ab6f638..b455631 100755
--- a/utils/extract_license_edition.sh
+++ b/utils/extract_license_edition.sh
@@ -1,4 +1,4 @@
-#!/usr/bin/env sh
+#!/usr/bin/env bash
 # Extract 'license.edition' from a ROR_ACTIVATION_KEY
 # Usage: extract_license_edition.sh <rorActivationLicense>
 set -eu

From 3ec8539469104664c96228b9898c8b9a57dd35f7 Mon Sep 17 00:00:00 2001
From: coutoPL <coutoPL@gmail.com>
Date: Fri, 5 Dec 2025 09:54:20 +0100
Subject: [PATCH 2/2] disable ROR ACL logging in the main log file

---
 ror-demo-cluster/conf/es/log4j2.properties | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/ror-demo-cluster/conf/es/log4j2.properties b/ror-demo-cluster/conf/es/log4j2.properties
index 452cd9c..efd3c7b 100644
--- a/ror-demo-cluster/conf/es/log4j2.properties
+++ b/ror-demo-cluster/conf/es/log4j2.properties
@@ -134,3 +134,6 @@ appender.rolling.strategy.action.condition.nested_condition.fileSize.type = IfAc
 appender.rolling.strategy.action.condition.nested_condition.fileSize.exceeds = 39.5GB
 appender.rolling.strategy.action.condition.nested_condition.lastMod.type = IfLastModified
 appender.rolling.strategy.action.condition.nested_condition.lastMod.age = 7D
+
+logger.ror.name=tech.beshu.ror.accesscontrol.logging
+logger.ror.level=off
\ No newline at end of file