Remko,
I believe I have addressed most of the feedback from these two emails, although
I haven’t figured out how the selected component stays highlighted in the left
hand menu. I’d appreciate you and everyone else taking another look at
https://rgoers.github.io/log4j-audit/index.html
<https://rgoers.github.io/log4j-audit/index.html>.
Thanks,
Ralph
> On Feb 5, 2018, at 8:04 AM, Remko Popma <remko.po...@gmail.com> wrote:
>
> About the web site, the project seems to have components, but the component
> links in the left-hand navigation menu are not very useful:
> If you click on "Audit API" for example, only some standard Maven-generated
> component links/pages are visible, no javadoc or sources in the Component
> Reports.
> Also the selected component should stay highlighted in the left-hand menu
> like we do for the Log4j 2 web site.
>
> The Javadoc page at the top of the left-hand navigation menu seems broken:
> it shows the Log4j 2 modules, not the log4j-audit modules.
> The submenu links under Javadoc (e.g. Javadoc/Log4j Audit API) all give 404
> page not found errors.
>
>
>
> On Mon, Feb 5, 2018 at 11:49 PM, Remko Popma <remko.po...@gmail.com> wrote:
>
>> Some first impression feedback:
>>
>> Top page:
>> I think it is worth explaining the motivation/use case for audit logging
>> here. What is "audit logging"? How is audit logging different from "normal"
>> logging? What kind of applications would want to use audit logging and why?
>> What are audit events? How do audit events relate to log events?
>>
>> RequestContext page:
>> I had trouble following this page. The explanation is going too fast for
>> me and seems to be skipping over some steps. Is my understanding below
>> correct?
>> * Users must create a RequestContext to use audit logging (if true, best
>> to start by saying that)
>> * The reason users need to create a RequestContext is to have a single
>> container for all data points that users want to log in their audit log.
>> (Question: does this mean that RequestContext = Audit Event?)
>> * A recommended/convenient way to implement a RequestContext is to stuff
>> all values in the log4j ThreadContext (Question: is it really okay to
>> assume that the service container does not hand off requests to worker
>> threads?)
>> * The example RequestContext implementation is too long (and repetitive -
>> readers will get the point after a few attributes) - may be better to place
>> the full class in an example application and only show snippets in this
>> page (and perhaps link to the full example from the page)
>> * After the example follows some explanation about the annotations. Seems
>> pretty important stuff but is now just a wall of text. I would break it up
>> into sections with bold headers, a separate section for each annotation.
>> Current explanation of the annotations seems a bit too brief.
>> * RequestContextInterceptor example seems a bit long. Can you reduce it
>> to its essence or break it up? (Also formatting seems off and has missing
>> closing double quote in response.sendRedirect("/login); , but does this
>> page really need to contain a fully working example?)
>> * Finally, the the "passing context to service" section: are
>> RequestContextInterceptor and RequestContextHeaderInterceptor the same
>> thing?
>> * Does everyone using Spring know what " *The returned list should then
>> be added to the RestTemplate* " means? (I have no clue :-) but I am
>> Spring-ignorant.)
>>
>> Audit Catalog page:
>> The page mentions Products and Categories 3 times, every time saying "but
>> Log4j doesn't do anything with that". Why not just leave it out altogether
>> and not mention these?
>> Why is it called a Catalog? Perhaps explaining why this term is a good
>> name would help set the readers frame of thinking to understand the rest of
>> the page.
>> Also, do users need to create a catalog? Or is it something that emerges
>> automatically when one uses audit logging? What happens if you don't create
>> a catalog?
>>
>> Hope this is useful,
>> Remko
>>
>>
>> On Mon, Feb 5, 2018 at 2:35 PM, Ralph Goers <ralph.go...@dslextreme.com>
>> wrote:
>>
>>> Well I have good news and bad news. The bad news is that I forgot my wife
>>> and I were having people over for the super bowl so I didn’t have as much
>>> time as I had hoped and I wasn’t able to run the Log4j 2.11.0 release build.
>>>
>>> The good news is that I think Log4j Audit V1.0 is about ready for a
>>> release. I have published the web site at https://rgoers.github.io/log4j
>>> -audit/index.html <https://rgoers.github.io/log4j-audit/index.html>.
>>> Some parts of the site will have problems since it hasn’t been released but
>>> I hope you could take a look at it and review it before a release vote is
>>> attempted.
>>>
>>> You should also feel free to ask me questions here, but if it isn’t clear
>>> then I expect the web site needs more work.
>>>
>>> Ralph
>>
>>
>>
