About the web site, the project seems to have components, but the component
links in the left-hand navigation menu are not very useful:
If you click on "Audit API" for example, only some standard Maven-generated
component links/pages are visible, no javadoc or sources in the Component
Reports.
Also the selected component should stay highlighted in the left-hand menu
like we do for the Log4j 2 web site.
The Javadoc page at the top of the left-hand navigation menu seems broken:
it shows the Log4j 2 modules, not the log4j-audit modules.
The submenu links under Javadoc (e.g. Javadoc/Log4j Audit API) all give 404
page not found errors.
On Mon, Feb 5, 2018 at 11:49 PM, Remko Popma <remko.po...@gmail.com> wrote:
> Some first impression feedback:
>
> Top page:
> I think it is worth explaining the motivation/use case for audit logging
> here. What is "audit logging"? How is audit logging different from "normal"
> logging? What kind of applications would want to use audit logging and why?
> What are audit events? How do audit events relate to log events?
>
> RequestContext page:
> I had trouble following this page. The explanation is going too fast for
> me and seems to be skipping over some steps. Is my understanding below
> correct?
> * Users must create a RequestContext to use audit logging (if true, best
> to start by saying that)
> * The reason users need to create a RequestContext is to have a single
> container for all data points that users want to log in their audit log.
> (Question: does this mean that RequestContext = Audit Event?)
> * A recommended/convenient way to implement a RequestContext is to stuff
> all values in the log4j ThreadContext (Question: is it really okay to
> assume that the service container does not hand off requests to worker
> threads?)
> * The example RequestContext implementation is too long (and repetitive -
> readers will get the point after a few attributes) - may be better to place
> the full class in an example application and only show snippets in this
> page (and perhaps link to the full example from the page)
> * After the example follows some explanation about the annotations. Seems
> pretty important stuff but is now just a wall of text. I would break it up
> into sections with bold headers, a separate section for each annotation.
> Current explanation of the annotations seems a bit too brief.
> * RequestContextInterceptor example seems a bit long. Can you reduce it
> to its essence or break it up? (Also formatting seems off and has missing
> closing double quote in response.sendRedirect("/login); , but does this
> page really need to contain a fully working example?)
> * Finally, the the "passing context to service" section: are
> RequestContextInterceptor and RequestContextHeaderInterceptor the same
> thing?
> * Does everyone using Spring know what " *The returned list should then
> be added to the RestTemplate* " means? (I have no clue :-) but I am
> Spring-ignorant.)
>
> Audit Catalog page:
> The page mentions Products and Categories 3 times, every time saying "but
> Log4j doesn't do anything with that". Why not just leave it out altogether
> and not mention these?
> Why is it called a Catalog? Perhaps explaining why this term is a good
> name would help set the readers frame of thinking to understand the rest of
> the page.
> Also, do users need to create a catalog? Or is it something that emerges
> automatically when one uses audit logging? What happens if you don't create
> a catalog?
>
> Hope this is useful,
> Remko
>
>
> On Mon, Feb 5, 2018 at 2:35 PM, Ralph Goers <ralph.go...@dslextreme.com>
> wrote:
>
>> Well I have good news and bad news. The bad news is that I forgot my wife
>> and I were having people over for the super bowl so I didn’t have as much
>> time as I had hoped and I wasn’t able to run the Log4j 2.11.0 release build.
>>
>> The good news is that I think Log4j Audit V1.0 is about ready for a
>> release. I have published the web site at https://rgoers.github.io/log4j
>> -audit/index.html <https://rgoers.github.io/log4j-audit/index.html>.
>> Some parts of the site will have problems since it hasn’t been released but
>> I hope you could take a look at it and review it before a release vote is
>> attempted.
>>
>> You should also feel free to ask me questions here, but if it isn’t clear
>> then I expect the web site needs more work.
>>
>> Ralph
>
>
>
