Thanks for the suggestion, I think this makes sense! Maybe we can replace token_auth=XYZ by token_auth=REMOVED

archive.log is not a piwik log file, it's probably where you redirect the output of the cron command?

@mnapoli users can configure piwik to log the last core:archive output to this archive.log or another file

maybe it would be fixed with #7301

@mnapoli users can configure piwik to log the last core:archive output to this archive.log or another file

In the link I only see redirecting the output of the command to a file, is that what you mean?

We could have a look at passing the token_auth not in the URL maybe? E.g. as a header. The URL parameter could still be used but at least for correct setups the token would be passed as a header and never be logged, either in Piwik's output or also Apache access logs, etc...

In the link I only see redirecting the output of the command to a file, is that what you mean?

Yes

We could have a look at passing the token_auth not in the URL maybe? E.g. as a header. The URL parameter could still be used but at least for correct setups the token would be passed as a header and never be logged, either in Piwik's output or also Apache access logs, etc...

good idea, I created issue: #7349

@mnapoli is this issue fixed?

@mnapoli is this issue fixed?

Not totally, see for example https://github.com/piwik/piwik/blob/frontcontroller-refactoring/core/CronArchive.php#L825-833

In most case the archiver will use the logger, so it means the current issue is addressed. But in some cases it does print… So that need to be fixed.

It will be an easy fix, I'm moving it to 2.12.

👍