Remko, I believe I have addressed most of the feedback from these two emails, although I haven’t figured out how the selected component stays highlighted in the left hand menu. I’d appreciate you and everyone else taking another look at https://rgoers.github.io/log4j-audit/index.html <https://rgoers.github.io/log4j-audit/index.html>.
Thanks, Ralph > On Feb 5, 2018, at 8:04 AM, Remko Popma <remko.po...@gmail.com> wrote: > > About the web site, the project seems to have components, but the component > links in the left-hand navigation menu are not very useful: > If you click on "Audit API" for example, only some standard Maven-generated > component links/pages are visible, no javadoc or sources in the Component > Reports. > Also the selected component should stay highlighted in the left-hand menu > like we do for the Log4j 2 web site. > > The Javadoc page at the top of the left-hand navigation menu seems broken: > it shows the Log4j 2 modules, not the log4j-audit modules. > The submenu links under Javadoc (e.g. Javadoc/Log4j Audit API) all give 404 > page not found errors. > > > > On Mon, Feb 5, 2018 at 11:49 PM, Remko Popma <remko.po...@gmail.com> wrote: > >> Some first impression feedback: >> >> Top page: >> I think it is worth explaining the motivation/use case for audit logging >> here. What is "audit logging"? How is audit logging different from "normal" >> logging? What kind of applications would want to use audit logging and why? >> What are audit events? How do audit events relate to log events? >> >> RequestContext page: >> I had trouble following this page. The explanation is going too fast for >> me and seems to be skipping over some steps. Is my understanding below >> correct? >> * Users must create a RequestContext to use audit logging (if true, best >> to start by saying that) >> * The reason users need to create a RequestContext is to have a single >> container for all data points that users want to log in their audit log. >> (Question: does this mean that RequestContext = Audit Event?) >> * A recommended/convenient way to implement a RequestContext is to stuff >> all values in the log4j ThreadContext (Question: is it really okay to >> assume that the service container does not hand off requests to worker >> threads?) >> * The example RequestContext implementation is too long (and repetitive - >> readers will get the point after a few attributes) - may be better to place >> the full class in an example application and only show snippets in this >> page (and perhaps link to the full example from the page) >> * After the example follows some explanation about the annotations. Seems >> pretty important stuff but is now just a wall of text. I would break it up >> into sections with bold headers, a separate section for each annotation. >> Current explanation of the annotations seems a bit too brief. >> * RequestContextInterceptor example seems a bit long. Can you reduce it >> to its essence or break it up? (Also formatting seems off and has missing >> closing double quote in response.sendRedirect("/login); , but does this >> page really need to contain a fully working example?) >> * Finally, the the "passing context to service" section: are >> RequestContextInterceptor and RequestContextHeaderInterceptor the same >> thing? >> * Does everyone using Spring know what " *The returned list should then >> be added to the RestTemplate* " means? (I have no clue :-) but I am >> Spring-ignorant.) >> >> Audit Catalog page: >> The page mentions Products and Categories 3 times, every time saying "but >> Log4j doesn't do anything with that". Why not just leave it out altogether >> and not mention these? >> Why is it called a Catalog? Perhaps explaining why this term is a good >> name would help set the readers frame of thinking to understand the rest of >> the page. >> Also, do users need to create a catalog? Or is it something that emerges >> automatically when one uses audit logging? What happens if you don't create >> a catalog? >> >> Hope this is useful, >> Remko >> >> >> On Mon, Feb 5, 2018 at 2:35 PM, Ralph Goers <ralph.go...@dslextreme.com> >> wrote: >> >>> Well I have good news and bad news. The bad news is that I forgot my wife >>> and I were having people over for the super bowl so I didn’t have as much >>> time as I had hoped and I wasn’t able to run the Log4j 2.11.0 release build. >>> >>> The good news is that I think Log4j Audit V1.0 is about ready for a >>> release. I have published the web site at https://rgoers.github.io/log4j >>> -audit/index.html <https://rgoers.github.io/log4j-audit/index.html>. >>> Some parts of the site will have problems since it hasn’t been released but >>> I hope you could take a look at it and review it before a release vote is >>> attempted. >>> >>> You should also feel free to ask me questions here, but if it isn’t clear >>> then I expect the web site needs more work. >>> >>> Ralph >> >> >>