Some first impression feedback:
Top page:
I think it is worth explaining the motivation/use case for audit logging
here. What is "audit logging"? How is audit logging different from "normal"
logging? What kind of applications would want to use audit logging and why?
What are audit events? How do audit events relate to log events?
RequestContext page:
I had trouble following this page. The explanation is going too fast for me
and seems to be skipping over some steps. Is my understanding below correct?
* Users must create a RequestContext to use audit logging (if true, best to
start by saying that)
* The reason users need to create a RequestContext is to have a single
container for all data points that users want to log in their audit log.
(Question: does this mean that RequestContext = Audit Event?)
* A recommended/convenient way to implement a RequestContext is to stuff
all values in the log4j ThreadContext (Question: is it really okay to
assume that the service container does not hand off requests to worker
threads?)
* The example RequestContext implementation is too long (and repetitive -
readers will get the point after a few attributes) - may be better to place
the full class in an example application and only show snippets in this
page (and perhaps link to the full example from the page)
* After the example follows some explanation about the annotations. Seems
pretty important stuff but is now just a wall of text. I would break it up
into sections with bold headers, a separate section for each annotation.
Current explanation of the annotations seems a bit too brief.
* RequestContextInterceptor example seems a bit long. Can you reduce it to
its essence or break it up? (Also formatting seems off and has missing
closing double quote in response.sendRedirect("/login); , but does this
page really need to contain a fully working example?)
* Finally, the the "passing context to service" section: are
RequestContextInterceptor and RequestContextHeaderInterceptor the same
thing?
* Does everyone using Spring know what " *The returned list should then be
added to the RestTemplate* " means? (I have no clue :-) but I am
Spring-ignorant.)
Audit Catalog page:
The page mentions Products and Categories 3 times, every time saying "but
Log4j doesn't do anything with that". Why not just leave it out altogether
and not mention these?
Why is it called a Catalog? Perhaps explaining why this term is a good name
would help set the readers frame of thinking to understand the rest of the
page.
Also, do users need to create a catalog? Or is it something that emerges
automatically when one uses audit logging? What happens if you don't create
a catalog?
Hope this is useful,
Remko
On Mon, Feb 5, 2018 at 2:35 PM, Ralph Goers <ralph.go...@dslextreme.com>
wrote:
> Well I have good news and bad news. The bad news is that I forgot my wife
> and I were having people over for the super bowl so I didn’t have as much
> time as I had hoped and I wasn’t able to run the Log4j 2.11.0 release build.
>
> The good news is that I think Log4j Audit V1.0 is about ready for a
> release. I have published the web site at https://rgoers.github.io/
> log4j-audit/index.html <https://rgoers.github.io/log4j-audit/index.html>.
> Some parts of the site will have problems since it hasn’t been released but
> I hope you could take a look at it and review it before a release vote is
> attempted.
>
> You should also feel free to ask me questions here, but if it isn’t clear
> then I expect the web site needs more work.
>
> Ralph
