That is with C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; 2017-10-18T16:58:13+09:00) Maven home: C:\apps\apache-maven-3.5.2\bin\.. Java version: 1.8.0_161, vendor: Oracle Corporation Java home: C:\apps\jdk1.8.0_161\jre Default locale: en_GB, platform encoding: MS932 OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
On Sun, Jun 10, 2018 at 4:21 PM, Remko Popma <remko.po...@gmail.com> wrote: > getting this now > > [INFO] Reactor Summary: > [INFO] > [INFO] Audit Sample Parent ................................ SUCCESS [ > 0.839 s] > [INFO] audit-service-api .................................. FAILURE [ > 0.006 s] > [INFO] audit-service-war .................................. SKIPPED > [INFO] audit-service ...................................... SKIPPED > [INFO] sample-app ......................................... SKIPPED > [INFO] ------------------------------------------------------------ > ------------ > [INFO] BUILD FAILURE > [INFO] ------------------------------------------------------------ > ------------ > [INFO] Total time: 1.116 s > [INFO] Finished at: 2018-06-10T16:11:08+09:00 > [INFO] Final Memory: 12M/245M > [INFO] ------------------------------------------------------------ > ------------ > [ERROR] Plugin > org.apache.logging.log4j:log4j-audit-maven-plugin:1.0.0-SNAPSHOT > or one of its dependencies could not be resolved: Could not find artifact > org.apache.logging.log4j:log4j-audit-maven-plugin:jar:1.0.0-SNAPSHOT -> > [Help 1] > [ERROR] > > > On Sun, Jun 10, 2018 at 2:53 PM, Ralph Goers <ralph.go...@dslextreme.com> > wrote: > >> I finally have had time to take a breath and do something with this. I >> have tried to incorporate many of your comments in the documentation. I >> have updated my web site accordingly. Some comments are below. >> >> I really would like feedback on more than just the site as I need to >> release this. >> >> > On May 7, 2018, at 5:42 PM, Remko Popma <remko.po...@gmail.com> wrote: >> > >> > I had time to look at this during the flight, here it is: >> > >> > ---- >> > index.html >> > >> > typo: Diagnostic logs are critical in aiding in maintaining the >> > servicability -> critical in maintaining? >> > >> > Overall, the first three sections, "What is Audit Logging", What is the >> > difference between audit logging and normal logging?" and "What is Log4j >> > Audit?" are very good: give good overview of the purpose and don't >> assume >> > prior knowledge. >> > >> > From the "Features" section, the narrative changes perspective from what >> > users would want to what Log4j Audit provides. >> > I would add a few sentences to that transition, something like: >> > >> > {quote} >> > (after Features) >> > Each application has its own audit events. Before using Log4j Audit, >> > applications need to define AuditMessages that capture the exact >> attributes >> > of its audit events. The [Getting Started](link) page provides a >> tutorial >> > that explains how to define audit events for an application. >> > >> > (after Audit Event Catalog header) >> > Once audit events are defined, they need to be maintained: as the >> > application evolves, developers will inevitably discover they need to >> add, >> > remove or change attributes of the audit events. Log4j Audit can persist >> > the audit event definitions in a JSON file. This file becomes the Audit >> > Event Catalog for the application. Log4j Audit is designed to store the >> > event definition file in a Git repository so that the evolution of the >> > audit events themselves have an audit trail in the Git history of the >> file. >> > Log4j Audit provides a web interface for editing the events. >> > >> > Log4j Audit uses the catalog of events to determine ... (continue with >> > current text of Audit Event Catalog) >> > {quote} >> > >> > Question about the Requirements section: it isn't clear to me (and >> likely >> > to other readers) why Dynamic Event Catalogs would require a database >> > instead of one or more JSON files. Is that explained somewhere? Perhaps >> > Dynamic Audit Events need a separate page or dedicated section >> somewhere. >> > The Getting Started page mentions "manage dynamic catalogs" in the >> > paragraph under "What you will build" but I couldn't find anything on >> the >> > topic of dynamic catalogs. >> > >> > >> > >> > ---- >> > catalog.html >> > >> > From the first paragraph, I would remove "The events may be grouped by >> > Products and/or Categories, but at this time nothing in Log4j Audit >> makes >> > use of the product or catalog definitions". The same sentences is >> repeated >> > at the bottom of the page and since this feature is not used it is >> > confusing to me that the feature is so prominently mentioned in the >> first >> > paragraph of the page. I would consider removing this feature >> altogether. >> > >> > Overall this is a very good page. Succinct but complete. Consider >> moving it >> > above RequestContext in the left-hand navigation menu. >> > >> > >> > >> > ---- >> > gettingStarted.html >> > >> > Overall, this page is only effective for people who actually perform the >> > steps and execute the commands mentioned in the page. >> > >> > It would be good if the page would also be useful for people who only >> read >> > the page but don't actually perform the steps: >> > >> > * Can the page also show an example of an audit event in JSON format. >> This >> > could be a simple event with few attributes (maybe a login event?) or >> the >> > transfer event that is used later in the page. >> > * I would also like to see the Java interface that is generated from >> this >> > JSON audit event. >> > * Finally, I would like to see how my application would use this >> generated >> > Java interface. How do I get an instance, how do I populate the >> attributes, >> > and what do I do with the instance after I populated it? >> > >> > I'm sure the above is available in the source code of the sample >> > application, but this page is a good place to show some of the >> highlights >> > of that source code with some explanatory text. >> > >> > Secondly, the page mentions remote audit logging and how the war file >> > provides endpoints for remove audit logging. Is it worth dedicating a >> > separate page to show how to configure end points for remote audit >> logging? >> > >> > Finally, about the catalog screenshots: I understand that attributes are >> > managed separately so they can be reused. The second screenshot shows >> the >> > billPay and deposit events. Are these events related to the transfer >> event >> > that is mentioned in the curl example in this page? >> >> These are events that take place in banking. billPay is paying a bill, >> deposit is depositing money into an account, transfer moves money from one >> account to another. I used these because many people understand these >> concepts. >> >> >> > I was trying to see how >> > they could be related but couldn't figure it out. >> > Also, what are the attributes for the billPay and deposit events? >> >> The attributes for these events are those shown in the “Assigned >> Attributes” column. The request context attributes are available for all >> events. >> >> > If the >> > Catalog Editor has a screen to show the attributes that are part of an >> > event then it may be good to add a screenshot for this (I guess this >> would >> > be the Edit Event screen) as well. That would tie all these concepts >> > together. >> >> As I said, the attributes are on the screen that is shown. I would >> suggest you perform the steps in the getting started so you can see for >> yourself. >> > >> > >> > ---- >> > requestContext.html >> > >> > typo: typcial -> typical >> > typo: acrossall -> across all >> > typo: datbase -> database >> > >> > About Mapping Annotations: >> > This is still a bit abstract to me. Would it be possible to provide some >> > more explanation on when applications should use ClientServer, when >> Local, >> > and when Chained annotations? Perhaps some example use cases? Or, if >> > possible, tie this to the use case presented in the sample application >> (if >> > that makes sense)? >> >> I am not sure what more there is to say. Local means a value in the >> request context is local to that server and should not be passed to called >> services. ClientServer means that a value is passed from the current >> application to services it calls. Chained means the value is associated >> with one request context field on the current server but will be in a >> different field in the called service. The example for chained is the >> current hostname. The hostname request context field always contains the >> host name of the current server. When calling a service the current host >> name moves to the callingHost field so that the called service knows what >> server called it. >> >> > >> > About Transporting the RequestContext: >> > Until now, the information was generically useful for all applications, >> but >> > this section is specifically useful for web applications. >> > For people who don't work on web applications this transition may be a >> bit >> > jarring. >> > Would it make sense for this section and the following two sections to >> be >> > moved to a separate page? Something like "Web Applications" or "Remote >> > Audit Logging”? >> >> This concept applies to any kind of distributed application. For example, >> with AMQP we do the exact same thing by copying the RequestContext fields >> into AMQP headers and then repopulating the RequestContext when the message >> is processed in the consumer. I have added text to describe this. I have >> components that do this for my day job but I have not added them to >> log4j-audi. >> >> > >> > ---- >> > Remko >> > >> >> >> >