logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ralph Goers <ralph.go...@dslextreme.com>
Subject Re: Query Regarding Log4j audit framework
Date Thu, 27 Feb 2020 17:06:15 GMT
Log4j Audit uses Log4j so anything built into Log4j can be used. So I can think of a couple
of ways to inject a hash:
1. Add the hash to your layout. If you used the PatternLayout you could implement a HashConverter
to create it. In general, I suspect you should create a Jira issue for whichever Layout you
want to use, such as JSONLayout, to have Log4j add one automatically. 
2. I will be modifying the ContextDataInjector to add support for ContextDataProviders. This
would allow you to create a provider that adds a hash to the ContextData.

If I understand your second item you simply want to do batching?  You would handle that in
the Appender. For example, the FlumeAppender handles batching.

Ralph

> On Feb 27, 2020, at 8:43 AM, Matt Sicker <boards@gmail.com> wrote:
> 
> Ah, I see what you mean. I don’t think we have any specific plugin for
> that, though they sound like reasonable feature requests. Could you file
> Jira tickets for them?
> 
> On Thu, Feb 27, 2020 at 03:09 Sushil Singh <Sushil.Singh@thalesgroup.com>
> wrote:
> 
>> Thanks @Matt Sicker <boards@gmail.com> for your reply
>> 
>> But 2 of my problems remains unresolved
>> 
>> 1) How can i add hash of the log itself and send it with log itself as a
>> Log field so that we can verify it for tampering at a later stage
>> 2) How can i aggregate log events for count along with log itself such
>> that I can get the Log event and a count as a field in a window. So
>> basically want to do windowed aggregation of logs before flushing
>> 
>> Burst filter was more of controlling logs rather than aggregating
>> 
>> Please let me know how it can be achieved
>> 
>> Thanks
>> 
>> Sushil Pratap Singh
>> 
>> 
>> 
>> ------------------------------
>> *From:* Matt Sicker <boards@gmail.com>
>> *Sent:* 24 February 2020 20:25
>> *To:* Log4J Users List <log4j-user@logging.apache.org>
>> *Subject:* Re: Query Regarding Log4j audit framework
>> 
>> Not sure about 1. For 2, there’s the burst filter in log4j2 which supports
>> that type of thing in general. As for 3, take a look at the various
>> appenders available like Syslog/Socket/HTTP/JDBC.
>> 
>> On Mon, Feb 24, 2020 at 00:26 Sushil Singh <Sushil.Singh@thalesgroup.com>
>> wrote:
>> 
>>> Hi
>>> 
>>> 
>>> I want to use log 4j audit for multiple applications but I have certain
>>> requirements
>>> 
>>> 1) I want to add some function to logs such that hash of log messages can
>>> be sent along with log message itself
>>> 2) Is there a way to club same kind of Logs occuring frequently in a
>> small
>>> window of time
>>> 3) Is there something we can use log api events to log to server also
>>> 
>>> please let me know how these can be achieved
>>> 
>>> Thanks,
>>> 
>>> Sushil
>>> 
>>> --
>> Matt Sicker <boards@gmail.com>
>> 
> -- 
> Matt Sicker <boards@gmail.com>



---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-user-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-user-help@logging.apache.org


Mime
View raw message