Uploaded image for project: 'Log4j 2'
  1. Log4j 2
  2. LOG4J2-2665

Incident Response Improvement for Log4J

    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.12.0
    • Fix Version/s: None
    • Component/s: API
    • Labels:
      None

      Description

      Issue:

      Logging something to a file only solves half of the problem. The log needs to readable and distinguishable by auditors and responders. 

      This is a proposal to add a optional feature for the instantiation and compile process of the logger. 

       

      1. Allow for a description parameter for each log statement. 
      2. When the description is filled out, log events that correspond to that description are given a hash number that match the hash of the description 
      3. The descriptions of said log are extracted and paired with their hash into a "log description file" during the compile process

      Example:

      Previous Logging Method

      logger.info(user.id + " was able to login")
      

      Proposed change

      logger.info(user.id + " was able to login", description="This log event appears right after every user logs in")

      Log File example

      Previous:

      user132 was able to login
      

      Proposed:

      c58868be25f925102364ba7cf15b4fbcca5d3f11: user132 was able to login
      

      Proposed log file description file generated during compile time:

      c58868be25f925102364ba7cf15b4fbcca5d3f11: This log event appears right after every user logs in

       

       

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              joubin Joubin Jabbari
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated: