From e197bfeb01dcd53dc45e199ad6821b468659b8f9 Mon Sep 17 00:00:00 2001
From: Matthew Jones <mat@matburt.net>
Date: Fri, 4 Apr 2014 16:48:56 -0400
Subject: [PATCH] Add a specific tower warnings file in the tower home
 directory. Configure the api viewer to emit warnings for 4XX and 5XX status
 codes into that file.  Configure it for use on a production system.  Closes
 AC-685

---
 awx/api/generics.py      |  8 ++++++++
 awx/api/permissions.py   |  2 +-
 awx/settings/defaults.py | 18 ++++++++++++++++--
 3 files changed, 25 insertions(+), 3 deletions(-)

diff --git a/awx/api/generics.py b/awx/api/generics.py
index 5b990821b4..053cce4bc3 100644
--- a/awx/api/generics.py
+++ b/awx/api/generics.py
@@ -3,6 +3,7 @@
 
 # Python
 import inspect
+import logging
 import json
 
 # Django
@@ -31,6 +32,8 @@ __all__ = ['APIView', 'GenericAPIView', 'ListAPIView', 'SimpleListAPIView',
            'RetrieveAPIView', 'RetrieveUpdateAPIView',
            'RetrieveDestroyAPIView', 'RetrieveUpdateDestroyAPIView']
 
+logger = logging.getLogger('awx.api.generics')
+
 def get_view_name(cls, suffix=None):
     '''
     Wrapper around REST framework get_view_name() to support get_name() method
@@ -131,6 +134,11 @@ class APIView(views.APIView):
         ret['added_in_version'] = added_in_version
         return ret
 
+    def finalize_response(self, request, response, *args, **kwargs):
+        if response.status_code >= 400:
+            logger.warn("status %s received by user %s attempting to access %s" % (response.status_code, request.user, request.path))
+        return super(APIView, self).finalize_response(request, response, *args, **kwargs)
+
 
 class GenericAPIView(generics.GenericAPIView, APIView):
     # Base class for all model-based views.
diff --git a/awx/api/permissions.py b/awx/api/permissions.py
index 6d02c7e74d..e5165a32c8 100644
--- a/awx/api/permissions.py
+++ b/awx/api/permissions.py
@@ -142,7 +142,7 @@ class JobTemplateCallbackPermission(ModelAccessPermission):
         # True to fall through to the next permission class.
         if (request.user or request.auth) and request.method.lower() != 'post':
             return super(JobTemplateCallbackPermission, self).has_permission(request, view, obj)
-        
+
         # Require method to be POST, host_config_key to be specified and match
         # the requested job template, and require the job template to be
         # active in order to proceed.
diff --git a/awx/settings/defaults.py b/awx/settings/defaults.py
index 4de65d3869..80162c4a69 100644
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -404,13 +404,27 @@ LOGGING = {
             'filters': ['require_debug_false'],
             'class': 'django.utils.log.AdminEmailHandler',
         },
+        'rotating_file': {
+            'level': 'WARNING',
+            'class':'logging.handlers.RotatingFileHandler',
+            'filters': ['require_debug_false'],
+            'filename': os.path.join(BASE_DIR, 'tower_warnings.log'),
+            'maxBytes': 1024*1024*5, # 5 MB
+            'backupCount': 5,
+            'formatter':'simple',
+        },
     },
     'loggers': {
         'django': {
             'handlers': ['console'],
         },
         'django.request': {
-            'handlers': ['mail_admins', 'console', 'file', 'syslog'],
+            'handlers': ['mail_admins', 'console', 'file', 'syslog', 'rotating_file'],
+            'level': 'WARNING',
+            'propagate': False,
+        },
+        'rest_framework.request': {
+            'handlers': ['mail_admins', 'console', 'file', 'syslog', 'rotating_file'],
             'level': 'WARNING',
             'propagate': False,
         },
@@ -418,7 +432,7 @@ LOGGING = {
             'handlers': ['console'],
         },
         'awx': {
-            'handlers': ['console', 'file', 'syslog'],
+            'handlers': ['console', 'file', 'syslog', 'rotating_file'],
             'level': 'DEBUG',
         },
         'awx.main.access': {