[Looking for Charlie's main web site?]

Restoring the CF Admin logviewer removed in Oct 2022 CF updates, at your own risk

Posted At : November 3, 2022 10:49 PM | Posted By : Charlie Arehart
Related Categories: updates, logs, admin
Comments: (10)
As of the Oct 2022 CF updates (CF2021 update 5 and CF2018 update 15), Adobe has chosen to remove the CF Admin feature to view, search, download, and delete CF logs, due to asserted (but as-yet undocumented) security concerns.

What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on.

[....Continue Reading....]

Comments (10)
Comments
[Add Comment]
Charlie, great blog post. I have seen/read a lot of the comments on Slack about this and I agree with you. This is a heavy hand on removing with NO EXPLANATION as to why other than 'security issues'.

Anyway, thanks for taking the time and effort to get the folders and write the blog.

Drew Nathanson
# Posted By Drew Nathanson | 11/4/22 11:53 AM
After update 5 to my Coldfusion 2021, my FuseGuard program would not work. It complained about log access. Putting 2 and 2 together, I used the old folders you provided, and FuseGuard is working again.

Thank you for this post.
# Posted By Jeff McClain | 11/17/22 8:56 AM
Wow, that's interesting that fuseguard leveraged this also. Thanks, Jeff, and glad to have helped get you in the right direction.

You should definitely report this to Pete. Indeed, I'd not be surprised if he's already got an update for FG that no longer relies on that, and perhaps leverages a new approach.

Oh, and thanks also, Drew, for your previous kind regards. :-)
# Posted By Charlie Arehart | 11/17/22 9:25 AM
Thank you for taking the time to provide this solution. I had thought there was a bug causing this issue. After depending on these log files for a variety of purposes over the years it's a pain to have them forcibly removed. At a minimum it seems like we should be able to have the functionality in development environments. More information from Adobe on the security risk specifics would be nice.
# Posted By Chris Simmons | 1/4/23 9:10 AM
Indeed, Chris. And I've asked for more detail but been given none in reply. As such, while I'm still torn about having shared the workaround, we can't know if the problem is dire or not, or when it is or not. :-(
# Posted By Charlie Arehart | 1/4/23 9:13 AM
Again, many thanks. I have kind of "ignored" the issue by going and rooting around to find the log files and open them manually. Today though I was in a bind needing to reference logging on a development project over and over and this really helped me out.
# Posted By Chris Simmons | 1/4/23 9:19 AM
Why even have a log section in the CF Admin if you can't view them?
# Posted By Peter | 1/18/23 10:27 AM
Peter, there are a couple of reasons the "log files" page remains in the admin. First, there are still the remaining actions which can be performed against the logs, from the ability to archive any of the listed log files to the ability to enable/disable some of the log files. (I do realize some folks never perform either action, so to them the page may as well not exist.)

Second, the page still a) lists all the files (for those who may not know they exist), and b) shows the size and last update date for each log (which could be of some value in some situations, I suppose).

All that said, clearly I am still of the opinion that there SHOULD be an ability to VIEW the logs. Whatever led them to remove it (still a mystery to me), it seems they should be able to SOLVE it so as to return this functionality.
# Posted By charlie arehart | 1/18/23 10:36 AM
It is not helpful of Adobe to remove access to the logs from within cf admin. However if they're going to do this they could at least update the UI to tell us the path to the log files so we can navigate there another way.

In case this helps anyone else, on cf 21 they are ColdFusion2021\cfusion\logs

Pretty obvious of course but if your app isn't working and you're in a hurry having this info on the logging page in cf admin could be helpful given the context

HTH
# Posted By Nick Way | 3/17/23 6:06 AM
Good point, Nick. I'd argue the same about the great value if they'd do that also on the Java and jvm page, showing how that info is saved to the jvm.config, and showing its path.

Of course, some might argue that "anyone who administers a cf admin should already know these locations", but it's not true. They could also argue that putting the info here could aid hackers, and I could argue they really DO tend to already know such things! :-)

But I could understand if they're torn about which way to go. I'm not so sure they've really considered it, so again good for you to raise the point. Better if you'd file a feature request, at tracker.adobe.com. :-)
# Posted By Charlie Arehart | 3/17/23 9:11 AM
[Add Comment]
Copyright ©2024 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting