Created redmine issue https://projects.theforeman.org/issues/25482 from this bug

Hotfixing an existing instance is easy, just add the two new files into /usr/share/foreman and restart httpd:

https://github.com/theforeman/foreman/pull/6252/files

The issue https://projects.theforeman.org/issues/21127 is somehow related but a different bug actually.

REL-ENG: There are two possible solutions:

1) Patch in core

2) Patch only for OpenSCAP plugin

I don't know yet which one gets merged upstream, cherry pick one or another please. It is possible that both are accepted as well, in that case only merge the OpenSCAP one.

Please cherry pick the OpenSCAP patch only:

https://projects.theforeman.org/issues/21127

Let's keep the changes in core upstream only.

(In reply to Lukas Zapletal from comment #7)
> Please cherry pick the OpenSCAP patch only:
> 
> https://projects.theforeman.org/issues/21127
> 
> Let's keep the changes in core upstream only.

Just to double check, pulling in https://projects.theforeman.org/issues/21127 (which already have, as we have foreman_openscap 0.11.1) is sufficient to fix this BZ?

If it is, then I think the other redmine issue should be unlinked here.

Yes, for 6.5 the bug is actually fixed (foreman_openscap 0.11.0 or older).

For 6.4 we need to cherry pick. I guess we can remove the ACK for 6.5? Not sure what is the process in this case.

Cool, so marking as built in 6.5

For 6.4, someone (Mike?) will need to clone this properly, as this BZ is for 6.5.

There are 2 endpoints with excessive logging: 

* uploading reports to server as originally reported here by lzap.
Reproducer is to upload a report by running foreman_scap_client and observe the foreman logs. Large amount of data should no longer be seen in logs when report is uploaded.

* downloading scap content as xml
change logging level to debug
download scap content as xml - there should be no xml in logs

I expect both of these to be fixed, though the second one is not too critical for production, because the logging is on info level by default.

Created attachment 1518095 [details]
downloading scap content with debug logs xml

For googlers:

There is actually a possible workaround for Satellite 6.4, a patch which I created for Rails and then for Foreman which sends all parameter logs into separate logger called "params" which can be then disabled. However the patch did not make it both into Rails or Foreman and Satellite 6.5 already contains a different solution for OpenSCAP. But the patch is easy to apply:

https://github.com/theforeman/foreman/pull/6252/files

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2019:1222

(In reply to Lukas Zapletal from comment #27)
> For googlers:
> 
> There is actually a possible workaround for Satellite 6.4, a patch which I
> created for Rails and then for Foreman which sends all parameter logs into
> separate logger called "params" which can be then disabled. However the
> patch did not make it both into Rails or Foreman and Satellite 6.5 already
> contains a different solution for OpenSCAP. But the patch is easy to apply:
> 
> https://github.com/theforeman/foreman/pull/6252/files

We still are at 6.4 (on the path from 6.3 to 6.5) and used your workaround to solve the problem of arf reports in production.log