Hi Remko,
+1 for the top page feedback. This is the first time I’m looking at this (is
this a new project under log4j?).
Also, is a container (tomcat or others ) a requirement? if it is I do not see
it in the requirements section. I assumed it was an api either using or built
on top of log4j2
Best,
Chandra
On 5 Feb 2018, 8:44 PM +0530, Ralph Goers <ralph.go...@dslextreme.com>, wrote:
> Remko,
>
> Thanks for all the good feedback! That is exactly what I was looking for.
>
> I won’t answer the questions you posed here. Instead, I will try to correct
> the web site to see if it does the job.
>
> Ralph
>
> > On Feb 5, 2018, at 8:04 AM, Remko Popma <remko.po...@gmail.com> wrote:
> >
> > About the web site, the project seems to have components, but the component
> > links in the left-hand navigation menu are not very useful:
> > If you click on "Audit API" for example, only some standard Maven-generated
> > component links/pages are visible, no javadoc or sources in the Component
> > Reports.
> > Also the selected component should stay highlighted in the left-hand menu
> > like we do for the Log4j 2 web site.
> >
> > The Javadoc page at the top of the left-hand navigation menu seems broken:
> > it shows the Log4j 2 modules, not the log4j-audit modules.
> > The submenu links under Javadoc (e.g. Javadoc/Log4j Audit API) all give 404
> > page not found errors.
> >
> >
> >
> > On Mon, Feb 5, 2018 at 11:49 PM, Remko Popma <remko.po...@gmail.com> wrote:
> >
> > > Some first impression feedback:
> > >
> > > Top page:
> > > I think it is worth explaining the motivation/use case for audit logging
> > > here. What is "audit logging"? How is audit logging different from
> > > "normal"
> > > logging? What kind of applications would want to use audit logging and
> > > why?
> > > What are audit events? How do audit events relate to log events?
> > >
> > > RequestContext page:
> > > I had trouble following this page. The explanation is going too fast for
> > > me and seems to be skipping over some steps. Is my understanding below
> > > correct?
> > > * Users must create a RequestContext to use audit logging (if true, best
> > > to start by saying that)
> > > * The reason users need to create a RequestContext is to have a single
> > > container for all data points that users want to log in their audit log.
> > > (Question: does this mean that RequestContext = Audit Event?)
> > > * A recommended/convenient way to implement a RequestContext is to stuff
> > > all values in the log4j ThreadContext (Question: is it really okay to
> > > assume that the service container does not hand off requests to worker
> > > threads?)
> > > * The example RequestContext implementation is too long (and repetitive -
> > > readers will get the point after a few attributes) - may be better to
> > > place
> > > the full class in an example application and only show snippets in this
> > > page (and perhaps link to the full example from the page)
> > > * After the example follows some explanation about the annotations. Seems
> > > pretty important stuff but is now just a wall of text. I would break it up
> > > into sections with bold headers, a separate section for each annotation.
> > > Current explanation of the annotations seems a bit too brief.
> > > * RequestContextInterceptor example seems a bit long. Can you reduce it
> > > to its essence or break it up? (Also formatting seems off and has missing
> > > closing double quote in response.sendRedirect("/login); , but does this
> > > page really need to contain a fully working example?)
> > > * Finally, the the "passing context to service" section: are
> > > RequestContextInterceptor and RequestContextHeaderInterceptor the same
> > > thing?
> > > * Does everyone using Spring know what " *The returned list should then
> > > be added to the RestTemplate* " means? (I have no clue :-) but I am
> > > Spring-ignorant.)
> > >
> > > Audit Catalog page:
> > > The page mentions Products and Categories 3 times, every time saying "but
> > > Log4j doesn't do anything with that". Why not just leave it out altogether
> > > and not mention these?
> > > Why is it called a Catalog? Perhaps explaining why this term is a good
> > > name would help set the readers frame of thinking to understand the rest
> > > of
> > > the page.
> > > Also, do users need to create a catalog? Or is it something that emerges
> > > automatically when one uses audit logging? What happens if you don't
> > > create
> > > a catalog?
> > >
> > > Hope this is useful,
> > > Remko
> > >
> > >
> > > On Mon, Feb 5, 2018 at 2:35 PM, Ralph Goers <ralph.go...@dslextreme.com
> > > wrote:
> > >
> > > > Well I have good news and bad news. The bad news is that I forgot my
> > > > wife
> > > > and I were having people over for the super bowl so I didn’t have as
> > > > much
> > > > time as I had hoped and I wasn’t able to run the Log4j 2.11.0 release
> > > > build.
> > > >
> > > > The good news is that I think Log4j Audit V1.0 is about ready for a
> > > > release. I have published the web site at https://rgoers.github.io/log4j
> > > > -audit/index.html <https://rgoers.github.io/log4j-audit/index.html>.
> > > > Some parts of the site will have problems since it hasn’t been released
> > > > but
> > > > I hope you could take a look at it and review it before a release vote
> > > > is
> > > > attempted.
> > > >
> > > > You should also feel free to ask me questions here, but if it isn’t
> > > > clear
> > > > then I expect the web site needs more work.
> > > >
> > > > Ralph
> > >
> > >
> > >
>
>
