From 89fceb3c363a30b379507a46852010525a80cfa5 Mon Sep 17 00:00:00 2001
From: Joao Eduardo Luis <joao@redhat.com>
Date: Fri, 19 Sep 2014 18:04:37 +0100
Subject: [PATCH] mon: Monitor: log RO commands on 'debug' level, RWX on 'info'

Fixes: #9455

Signed-off-by: Joao Eduardo Luis <joao@redhat.com>
---
 src/mon/Monitor.cc | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/mon/Monitor.cc b/src/mon/Monitor.cc
index ed5d7b93258d1..a56d3434e3aaa 100644
--- a/src/mon/Monitor.cc
+++ b/src/mon/Monitor.cc
@@ -2475,20 +2475,26 @@ void Monitor::handle_command(MMonCommand *m)
     forward_request_leader(m);
     return;
   }
+
+  bool cmd_is_rw =
+    (mon_cmd->requires_perm('w') || mon_cmd->requires_perm('x'));
+
   // validate user's permissions for requested command
   map<string,string> param_str_map;
   _generate_command_map(cmdmap, param_str_map);
   if (!_allowed_command(session, module, prefix, cmdmap,
                         param_str_map, mon_cmd)) {
     dout(1) << __func__ << " access denied" << dendl;
-    audit_clog->info() << "from='" << session->inst << "' "
-                      << "entity='" << session->auth_handler->get_entity_name()
-                      << "' cmd=" << m->cmd << ":  access denied";
+    (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
+      << "from='" << session->inst << "' "
+      << "entity='" << session->auth_handler->get_entity_name()
+      << "' cmd=" << m->cmd << ":  access denied";
     reply_command(m, -EACCES, "access denied", 0);
     return;
   }
 
-  audit_clog->info() << "from='" << session->inst << "' "
+  (cmd_is_rw ? audit_clog->info() : audit_clog->debug())
+    << "from='" << session->inst << "' "
     << "entity='"
     << (session->auth_handler ?
         stringify(session->auth_handler->get_entity_name())
-- 
2.39.5