Are you just talking about changing the current default configuration? Or are 
you envisioning having more than one somehow? 

If this is just about changing the current default configuration then I have 
some concerns:
1. It always has to work. 
2. It cannot rely on optional components. JsonTemplateLayout is not in core so 
it cannot be included in the default. However, we could detect if it is 
available and use it if it is.

Changing from PatternLayout to JsonTemplateLayout only makes sense if you 
have tools to interpret the JSON. Looking at the raw JSON is painful. I’ve done 
it.

Finally, my hope is that no one is using the default configuration. I can’t 
really think of any application that should be using it. However, we could 
create multiple defaults tailored to specific application types.

Ralph

> On Oct 3, 2023, at 9:35 AM, Matt Sicker <m...@musigma.org> wrote:
> 
> I’ve had this idea for many years now, and as we get closer to 3.0, it seems 
> like it’s time to consider the details. We can change the default 
> configuration in 3.0 without being as surprising as any other version. I 
> think we could use this as an opportunity to demonstrate some best practices 
> and recommendations. For example, we could switch from PatternLayout to 
> JsonTemplateLayout by default to help prevent common vulnerabilities related 
> to log message forging (like putting a newline or similar and faking the log 
> output in the following line). Then there’s an option related to direct 
> console writing that we have disabled by default despite being benign. There 
> are probably other settings I haven’t considered at the moment.
> 
> So what do you think? Any suggestions for the default configuration?
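
The log message forging case mentioned in the quoted message, as an added Python example that is not part of the thread and is not Log4j code. `pattern_style` and `json_style` are hypothetical models of a verbatim text layout and a one-object-per-line JSON layout, and the forged value and timestamps are constructed.

```python
import json
import re

# Constructed sample: a user-controlled value carrying a newline and a fake record.
FORGED_USER = "alice\n2023-10-03 09:35:01 INFO  auth - login ok user=admin"

# How a line-based reader recognises one record in the text output.
LINE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (\w+)\s+(\S+) - (.*)$")


def pattern_style(ts, level, logger, msg):
    """Model of a line-oriented text layout: the message is written verbatim."""
    return f"{ts} {level:<5} {logger} - {msg}\n"


def json_style(ts, level, logger, msg):
    """Model of a JSON layout: one object per line, message JSON-escaped."""
    event = {"timestamp": ts, "level": level, "logger": logger, "message": msg}
    return json.dumps(event) + "\n"


def parse_pattern(output):
    """Every line that matches the record shape counts as a record."""
    return [m.groups() for m in map(LINE_RE.match, output.splitlines()) if m]


def parse_json(output):
    """Every non-empty line is decoded as one JSON event."""
    return [json.loads(line) for line in output.splitlines() if line]


def demo():
    msg = f"login failed user={FORGED_USER}"
    text_out = pattern_style("2023-10-03 09:35:00", "WARN", "auth", msg)
    json_out = json_style("2023-10-03 09:35:00", "WARN", "auth", msg)
    return parse_pattern(text_out), parse_json(json_out)


if __name__ == "__main__":
    text_records, json_records = demo()
    # The text output yields a second, forged INFO record; the JSON output
    # yields one WARN event whose message still contains the raw newline.
    print(len(text_records), "records parsed from text output")
    print(len(json_records), "record parsed from JSON output")
```
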
