logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Saibabu Vallurupalli <saibabu.vallurupa...@gmail.com>
Subject Re: software does not neutralize output that is logged
Date Wed, 22 Jan 2014 20:10:33 GMT
Hi Team,

I need to attach this conversation to my JIRA ticket and I am using my
GMail here. Is there any URL I can generate out of this discussion to reuse
or refer to. Sorry, This is a forum administration question :-(

Thank you,
Sai


On Wed, Jan 22, 2014 at 5:43 AM, Saibabu Vallurupalli <
saibabu.vallurupalli@gmail.com> wrote:

> Ralph,
> Good morning.
>
> This is really helpful.
>
> Thanks so much.
>
> Regards,
> Sai
>
>
> On Wed, Jan 22, 2014 at 12:41 AM, Ralph Goers <ralph.goers@dslextreme.com>wrote:
>
>> Yes.
>> https://svn.apache.org/repos/asf/logging/log4j/log4j2/trunk/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/rewrite/RewriteAppenderTest.java
>>  uses
>> https://svn.apache.org/repos/asf/logging/log4j/log4j2/trunk/log4j-core/src/test/resources/log4j-rewrite.xml
which
>> uses a MapRewritePolicy.  You would replace that with your own
>> RewritePolicy.
>> https://svn.apache.org/repos/asf/logging/log4j/log4j2/trunk/log4j-core/src/test/java/org/apache/logging/log4j/core/appender/rewrite/TestRewritePolicy.java
shows
>> a sample RewritePolicy.  Basically you just create a new LogEvent copying
>> data from the input LogEvent modifying that data as needed.
>>
>> Ralph
>>
>> On Jan 21, 2014, at 3:38 PM, Saibabu Vallurupalli <
>> saibabu.vallurupalli@gmail.com> wrote:
>>
>> Hi Scott and Team:
>>
>> I tried to research on the internet on how to use this functionality but
>> very limited information. Do we have a Unit test case showing this scenario
>> in the source code? Or any reference implementation will be really helpful
>> to refer and try in my Application.
>>
>> Please advise.
>>
>> Thank you,
>> Sai
>>
>>
>> On Tue, Jan 21, 2014 at 5:57 PM, Scott Deboy <scott.deboy@gmail.com>wrote:
>>
>>> This mechanism is also available in log4j 1.2:
>>>
>>>
>>> https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/rewrite/RewriteAppender.html
>>>
>>>
>>> On 1/21/14, Scott Deboy <scott.deboy@gmail.com> wrote:
>>> > See
>>> >
>>> http://logging.apache.org/log4j/2.x/manual/appenders.html#RewriteAppender
>>> >
>>> > On 1/21/14, Saibabu Vallurupalli <saibabu.vallurupalli@gmail.com>
>>> wrote:
>>> >> First of all Thanks so much for you all for the quickest response for
>>> >> this
>>> >> posting. I am thinking of writing a wrapper class and update the
>>> source,
>>> >> but we have about 2400 Java classes in the application which needs to
>>> be
>>> >> updated and are using log4j logger. I am trying to explore the option
>>> to
>>> >> avoid modifying all these classes with some kind of ingestion. Any
>>> >> suggestions around will be greatly appreciated.
>>> >>
>>> >> Thank you,
>>> >> Sai
>>> >>
>>> >>
>>> >>
>>> >> On Tue, Jan 21, 2014 at 5:20 PM, Paul Benedict <pbenedict@apache.org>
>>> >> wrote:
>>> >>
>>> >>> This is not an unusual requirement. I've been at a company that
>>> tries to
>>> >>> scrub log files from certain patterns (like SSN #s). Can that be
>>> done in
>>> >>> log4j? I don't know. It would be interesting to know if 2.0 had
some
>>> >>> sort
>>> >>> of filtering capability. Remko? Gary? Ralph?
>>> >>>
>>> >>>
>>> >>> On Tue, Jan 21, 2014 at 4:16 PM, Saibabu Vallurupalli <
>>> >>> saibabu.vallurupalli@gmail.com> wrote:
>>> >>>
>>> >>>> So, we wanted to inspect the message which is getting logged
out to
>>> >>>> avoid
>>> >>>> possible security issues. So, what exactly I am looking is If
I
>>> wanted
>>> >>>> to
>>> >>>> add a restriction on whats been logged. How can I achieve this?
>>> >>>>
>>> >>>> For example: log.info("user name"+username+"Password"+password);
//
>>> >>>> This
>>> >>>> is just an example if I see a message having password do not
log it
>>> or
>>> >>>> take
>>> >>>> some action.
>>> >>>>
>>> >>>> Please advise.
>>> >>>>
>>> >>>> Thank you,
>>> >>>> Sai
>>> >>>>
>>> >>>>
>>> >>>> On Tue, Jan 21, 2014 at 5:12 PM, Remko Popma
>>> >>>> <remko.popma@gmail.com>wrote:
>>> >>>>
>>> >>>>> Sorry, but I have no idea what you mean by "neutralize out".
>>> >>>>> What is currently happening and what would you like to happen
>>> instead?
>>> >>>>>
>>> >>>>> Sent from my iPhone
>>> >>>>>
>>> >>>>> > On 2014/01/22, at 6:29, Saibabu Vallurupalli <
>>> >>>>> saibabu.vallurupalli@gmail.com> wrote:
>>> >>>>> >
>>> >>>>> > Hi,
>>> >>>>> >
>>> >>>>> > I am working on an issue related to logging. I our
application we
>>> >>>>> > are
>>> >>>>> using log4j for logging and we detected our software doesn't
>>> >>>>> neutralize
>>> >>>>> out
>>> >>>>> properly. Now, Is there any way without modifying the entire
>>> source by
>>> >>>>> going through each and every class we can achieve this
>>> functionality
>>> >>>>> of
>>> >>>>> inspecting the message getting logged and take appropriate
action.
>>> >>>>> >
>>> >>>>> > We appreciate your support.
>>> >>>>> >
>>> >>>>> > Thank you,
>>> >>>>> > Sai
>>> >>>>> >
>>> >>>>>
>>> >>>>>
>>> ---------------------------------------------------------------------
>>> >>>>> To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
>>> >>>>> For additional commands, e-mail: log4j-dev-help@logging.apache.org
>>> >>>>>
>>> >>>>>
>>> >>>>
>>> >>>
>>> >>>
>>> >>> --
>>> >>> Cheers,
>>> >>> Paul
>>> >>>
>>> >>
>>> >
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
>>> For additional commands, e-mail: log4j-dev-help@logging.apache.org
>>>
>>>
>>
>>
>

Mime
View raw message