Restoring the CF Admin logviewer removed in Oct 2022 CF updates, at your own risk

Posted At : November 3, 2022 10:49 PM | Posted By : Charlie Arehart
Related Categories: updates, logs, admin
Comments: (10)

As of the Oct 2022 CF updates (CF2021 update 5 and CF2018 update 15), Adobe has chosen to remove the CF Admin feature to view, search, download, and delete CF logs, due to asserted (but as-yet undocumented) security concerns.

What if you want it back? In this post, I explain what changed, why, and how to get the functionality back--albeit at your own risk. For more, read on.

[....Continue Reading....]

Comments (10)

Comments

[Add Comment]

Charlie, great blog post. I have seen/read a lot of the comments on Slack about this and I agree with you. This is a heavy hand on removing with NO EXPLANATION as to why other than 'security issues'.

Anyway, thanks for taking the time and effort to get the folders and write the blog.

Drew Nathanson

# Posted By Drew Nathanson | 11/4/22 11:53 AM

After update 5 to my Coldfusion 2021, my FuseGuard program would not work. It complained about log access. Putting 2 and 2 together, I used the old folders you provided, and FuseGuard is working again.

Thank you for this post.

# Posted By Jeff McClain | 11/17/22 8:56 AM

Wow, that's interesting that fuseguard leveraged this also. Thanks, Jeff, and glad to have helped get you in the right direction.

You should definitely report this to Pete. Indeed, I'd not be surprised if he's already got an update for FG that no longer relies on that, and perhaps leverages a new approach.

Oh, and thanks also, Drew, for your previous kind regards. :-)

# Posted By Charlie Arehart | 11/17/22 9:25 AM

Thank you for taking the time to provide this solution. I had thought there was a bug causing this issue. After depending on these log files for a variety of purposes over the years it's a pain to have them forcibly removed. At a minimum it seems like we should be able to have the functionality in development environments. More information from Adobe on the security risk specifics would be nice.

# Posted By Chris Simmons | 1/4/23 9:10 AM

Indeed, Chris. And I've asked for more detail but been given none in reply. As such, while I'm still torn about having shared the workaround, we can't know if the problem is dire or not, or when it is or not. :-(

# Posted By Charlie Arehart | 1/4/23 9:13 AM

Again, many thanks. I have kind of "ignored" the issue by going and rooting around to find the log files and open them manually. Today though I was in a bind needing to reference logging on a development project over and over and this really helped me out.

# Posted By Chris Simmons | 1/4/23 9:19 AM

Why even have a log section in the CF Admin if you can't view them?

# Posted By Peter | 1/18/23 10:27 AM

Peter, there are a couple of reasons the "log files" page remains in the admin. First, there are still the remaining actions which can be performed against the logs, from the ability to archive any of the listed log files to the ability to enable/disable some of the log files. (I do realize some folks never perform either action, so to them the page may as well not exist.)

Second, the page still a) lists all the files (for those who may not know they exist), and b) shows the size and last update date for each log (which could be of some value in some situations, I suppose).

All that said, clearly I am still of the opinion that there SHOULD be an ability to VIEW the logs. Whatever led them to remove it (still a mystery to me), it seems they should be able to SOLVE it so as to return this functionality.

# Posted By charlie arehart | 1/18/23 10:36 AM

It is not helpful of Adobe to remove access to the logs from within cf admin. However if they're going to do this they could at least update the UI to tell us the path to the log files so we can navigate there another way.

In case this helps anyone else, on cf 21 they are ColdFusion2021\cfusion\logs

Pretty obvious of course but if your app isn't working and you're in a hurry having this info on the logging page in cf admin could be helpful given the context

HTH

# Posted By Nick Way | 3/17/23 6:06 AM

Good point, Nick. I'd argue the same about the great value if they'd do that also on the Java and jvm page, showing how that info is saved to the jvm.config, and showing its path.

Of course, some might argue that "anyone who administers a cf admin should already know these locations", but it's not true. They could also argue that putting the info here could aid hackers, and I could argue they really DO tend to already know such things! :-)

But I could understand if they're torn about which way to go. I'm not so sure they've really considered it, so again good for you to raise the point. Better if you'd file a feature request, at tracker.adobe.com. :-)

# Posted By Charlie Arehart | 3/17/23 9:11 AM

[Add Comment]

Home

View all posts

Enter your email address to subscribe to this blog.

Recent Comments

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)
Charlie Arehart said: I can now confirm that the path specification in the pathfilter.json file is indeed case-sensitive. ... [more]

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)
Charlie Arehart said: I hear you that you need to "move on". I offered help as it seemed you sought it. Maybe yo ... [more]

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)
Paul said: Charlie, the path was exactly as I posted above, a single path, no separators. No error in the cold ... [more]

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)
Charlie Arehart said: Paul, 3 things. And I think we fill get you to a solution in the first one. 1 ... [more]

Announcing ColdFusion updates released May 13 2025: p1 security update (and more)
Paul said: Charlie, I tried adding the argument -Dcoldfusion.systemprobe.allow ... to the jvm.co ... [more]

Calendar

Sun	Mon	Tue	Wed	Thu	Fri	Sat
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

Entries by year

2025 (12)
2024 (28)
2023 (33)

2022

November (2)
October (5)
September (3)
August (1)
July (4)
June (1)
April (1)
March (2)
January (1)

2021 (18)
2020 (17)
2019 (23)
2018 (15)
2017 (14)
2016 (17)
2015 (10)
2014 (19)
2013 (18)
2012 (32)
2011 (21)
2010 (30)
2009 (52)
2008 (95)
2007 (94)
2006 (94)

RSS

Contact

About

A veteran server troubleshooter who's worked in enterprise IT for more than three decades, Charlie Arehart (@carehart) is a longtime contributor to the community who as an independent consultant provides remote, short-term, and even on-demand troubleshooting/tuning assistance for organizations of all sizes and experience levels (carehart.org/consulting).

You can reach Charlie by email at charlie (at) carehart.org, or you can follow him on twitter/X, @carehart. This blog is one resource among several within https://www.carehart.org/, where you can also find out more about him.

In fact, if you'd like his help, he's available for consulting for as little as 15 minutes.

Appreciate any of the resources I've offered?

Archives By Subject

admin (108) [RSS]
apache (11) [RSS]
API Manager (4) [RSS]
basics (8) [RSS]
blogging (14) [RSS]
boxlang (1) [RSS]
bug reports (1) [RSS]
business (2) [RSS]
carehart classics (26) [RSS]
CF Server Monitor (26) [RSS]
cf10 (60) [RSS]
cf11 (46) [RSS]
cf2016 (61) [RSS]
CF2016 Intro Series (9) [RSS]
cf2018 (60) [RSS]
cf2021 (63) [RSS]
cf2023 (43) [RSS]
cf2025 (8) [RSS]
cf411 series (10) [RSS]
cf8 (52) [RSS]
cf9 (34) [RSS]
cf911 (54) [RSS]
CFBuilder (20) [RSS]
CFFundamentals (6) [RSS]
cfml (35) [RSS]
cfmx (8) [RSS]
cfmythbusters (7) [RSS]
commandbox (4) [RSS]
community (24) [RSS]
connector (8) [RSS]
contributions (13) [RSS]
debugging (14) [RSS]
derby (5) [RSS]
docker (8) [RSS]
editors (10) [RSS]
evangelism (5) [RSS]
fusionreactor (63) [RSS]
general (59) [RSS]
hidden gems (12) [RSS]
homesite+ (3) [RSS]
hotfix (21) [RSS]
IIS (13) [RSS]
installation (9) [RSS]
introduction (2) [RSS]
java (47) [RSS]
javascript (2) [RSS]
jdbc (10) [RSS]
keyboard shortcuts (5) [RSS]
licensing (8) [RSS]
logs (8) [RSS]
lucee (21) [RSS]
migrating (1) [RSS]
monitoring (42) [RSS]
news (22) [RSS]
orm (2) [RSS]
performance (15) [RSS]
personal (3) [RSS]
PMT (6) [RSS]
podcasts (5) [RSS]
presentations (32) [RSS]
railo (10) [RSS]
redis (2) [RSS]
resource lists (26) [RSS]
security (28) [RSS]
seefusion (11) [RSS]
sql server (14) [RSS]
tips (22) [RSS]
tomcat (9) [RSS]
tools (44) [RSS]
training (8) [RSS]
troubleshooting (75) [RSS]
tuning (14) [RSS]
ugtv (11) [RSS]
updates (66) [RSS]
web services (8) [RSS]
webserver (5) [RSS]
writing (20) [RSS]
zeus (3) [RSS]

Upcoming/Recent Conference Appearances

Adobe CF Summit
Sep 2025

CFCamp
May 2025

Into The Box
May 2025

Adobe CF Summit East
Mar 2025

BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the HTML in this page?)

Managed Hosting Services provided by