Hi,

I'm running short of time trying to figure out the right approach to capture the log4j message and remove something from the message if necessary, to address an issue of log injection attacks.

There are some earlier threads that talked about using the doRender method, but I don't know if they ever got it worked out.

http://mail-archives.apache.org/mod_mbox/logging-log4net-user/200410.mbox/[EMAIL PROTECTED]
http://mail-archives.apache.org/mod_mbox/logging-log4j-user/200607.mbox/[EMAIL PROTECTED]

I tried to get help from the Log4J User community but did not have good luck on this issue. If anyone from the Log4J developer community knows that it's the way to call doRender() to pre-process the message rendering, and it works in your experience, please help me out with this.

I just can't get my doRender() method called, but I'm sure the newly added <renderer> is loaded from my log4j.xml.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">
<renderer renderedClass="com.apress.business.CustomerOrder" renderingClass="com.apress.logging.log4j.renderer.OrderRenderer"/>

> log4j: Threshold ="null".
> log4j: Rendering class: [com.apress.logging.log4j.renderer.OrderRenderer], Rendered class: [com.apress.business.CustomerOrder].
> log4j: Level value for root is [debug].
> log4j: root level set to DEBUG
> log4j: Class name: [org.apache.log4j.ConsoleAppender]

Or maybe there are other ways to capture the log4j message to change it other than using the doRender() method. Please give me some clue. I know there is a LoggingEvent object I can use to do getMessage()/getRenderedMessage(), but there is no setMessage()/setRenderedMessage() in log4j version 1.2.14 to change the message for me, so it's not useful for my purpose.

Thanks very much for your attention.

Naider

--- Naider Chen <[EMAIL PROTECTED]> wrote:

> Hi:
>
> Can anyone confirm to me it's working to call the doRender() method? I'll appreciate it if you can provide me a successful example if you do make it work.
> I use log4j-1.2.14 in RAD6 and put log4j.xml in the WEB-INF/classes folder, and I'm sure the added <renderer> has been loaded.
>
> I tried the complete example from
>
> http://www.java2s.com/Code/Java/Language-Basics/log4jAcompleteexample.htm
>
> but doRender() never got called, and it's not calling my own test either, in which I add <renderer> to the log4j.xml and extend ObjectRenderer in my render class with a doRender() method.
>
> I just have to know if this is the right way to call doRender() and capture the message to change it.
>
> I tried what Ron suggested, using the LoggingEvent object to filter the message with getMessage() and getRenderedMessage(), but it's no good to me since there is no setRenderedMessage() to alter the message that I want to return.
>
> Thanks.
>
> Naider
>
> log4j: Threshold ="null".
> log4j: Rendering class: [com.apress.logging.log4j.renderer.OrderRenderer], Rendered class: [com.apress.business.CustomerOrder].
> log4j: Level value for root is [debug].
> log4j: root level set to DEBUG
> log4j: Class name: [org.apache.log4j.ConsoleAppender]
> log4j: Setting property [threshold] to [DEBUG].
> log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"
> log4j: Setting property [conversionPattern] to [%d %-5p [%t] %C{2} (%F:%L) - %m%n].
> log4j: Adding filter of type [class com.test.logging.log4j.filter.MyStringFilter] to appender named [STDOUT].
> log4j: Adding appender named [STDOUT] to category [root].
> enter MyDemo
> %%%enter DtccStringFilter decide
> %%%DTCC getMessage string is captured *test this string*
> %%%DTCC getRenderedMessage string is captured *test this string*
> 2007-06-06 10:52:25,551 INFO [main] log4j.MyDemo (MyDemo.java:20) - test this string
>
> --- Naider Chen <[EMAIL PROTECTED]> wrote:
>
> > Thanks Ron:
> >
> > Thank you for your reply and I really appreciate it.
> >
> > Maybe the getRenderedMessage method in the LoggingEvent is another place where I can intercept the log message. But I'm just beginning to look at how to use log4j and I need to do some more research to find out how to overwrite the getRenderedMessage method to scan and pre-process the message. Can I extend the LoggingEvent and do something to have log4j use my child LoggingEvent method, so that I can do what I need to do with the message?
> >
> > What I really need to do is to create a utility to be plugged in to the application code so that all the log messages can be scanned/pre-processed before being sent to the Appender. And of course, the less the application code needs to do, the better.
> >
> > I'm sure the added <renderer> tag in my log4j.xml is loaded in my server, but what I don't understand is that the doRender method does not get called. Could that be because a String object is being bypassed because it's already a String, so that there is no need to render it again? I thought doRender(object o) would catch all objects. Is this right?
> >
> > Is this doRender approach a dead end for intercepting the message, or can I still catch a String object in doRender?
> >
> > I have changed the renderedClass="java.lang.Object" to Object instead of String, but it's the same thing: the doRender method's print statement can't be found in my consoleAppender.
> >
> > <log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="true">
> > <renderer renderedClass="java.lang.Object" renderingClass="test.log4j.LogCatcher"/>
> >
> > Here's the console log that shows the new <renderer> tag shown in the logger.
> >
> > [6/1/07 15:28:09:453 EDT] 0000002a SystemOut O log4j: Rendering class: [test.log4j.LogCatcher], Rendered class: [java.lang.Object].
> > [6/1/07 15:28:09:453 EDT] 0000002a SystemOut O log4j: Level value for root is [debug].
> > [6/1/07 15:28:09:453 EDT] 0000002a SystemOut O log4j: root level set to DEBUG
> > [6/1/07 15:28:09:469 EDT] 0000002a SystemOut O log4j: Class name: [org.apache.log4j.ConsoleAppender]
> > [6/1/07 15:28:09:500 EDT] 0000002a SystemOut O log4j: Setting property [threshold] to [DEBUG].
> > [6/1/07 15:28:09:500 EDT] 0000002a SystemOut O log4j: Parsing layout of class: "org.apache.log4j.PatternLayout"
> > [6/1/07 15:28:09:657 EDT] 0000002a SystemOut O log4j: Setting property [conversionPattern] to [%d %-5p [%t] %C{2} (%F:%L) - %m%n].
> > [6/1/07 15:28:09:657 EDT] 0000002a SystemOut O log4j: Adding appender named [STDOUT] to category [root].
> > [6/1/07 15:28:09:672 EDT] 0000002a ServletWrappe A SRVE0242I: [TestCsfEAR] [/x] [EntitlementServlet]: Initialization successful.
> > [6/1/07 15:28:09:704 EDT] 0000002a SystemOut O 2007-06-01 15:28:09,704 ERROR [WebContainer : 1] log4j.EntitlementServlet (EntitlementServlet.java:59) - log this info !!@@##$$%%^^&&**()++
> >
> > --- "Gallagher, Ron" <[EMAIL PROTECTED]> wrote:
> >
> > > Naider --
> > >
> > > The purpose of Renderers is to generate a String representation of an Object. Since a String is already a String, there's no need to do any additional rendering.
> > >
> > > The getRenderedMessage method in the LoggingEvent is what is responsible for calling any defined renderers. This method has an explicit check for situations where the object that's about to be rendered is an instance of String. In that case, the Object to render is simply cast into a String and used as-is.
> > >
> > > Ron Gallagher, AT&T Mobility
> > >
> > > -----Original Message-----
> > > From: Naider Chen [mailto:[EMAIL PROTECTED]
> > > Sent: Thursday, May 31, 2007 5:26 PM
> > > To: Log4J Users List
> > > Subject: Unable to call doRender. Am I missing anything?
> > >
> > > I'm trying to intercept the logging message to filter some keyword before forwarding to the destination. I tested it in a Windows environment using RAD6.
> > >
> > > I added the new <renderer> tag entry to log4j.xml and put both log4j.dtd and log4j.xml in the WEB-INF/classes folder, but after I re-compiled and bounced the server the doRender method never got called.
> > >
> > > Am I missing anything? Please help. Thanks.
> > >
> > > <renderer renderedClass="java.lang.String" renderingClass="test.log4j.LogCatcher"/>
> > >
> > > I created a new class test.log4j.LogCatcher as follows:
> > >
> > > package test.log4j;
> > > import org.apache.log4j.*;
> > > import org.apache.log4j.spi.*;
> > > import org.apache.log4j.or.ObjectRenderer;
> > >
> > > public class LogCatcher implements ObjectRenderer {
> > >
> > >     public String doRender(Object arg0) {
> > >         String st = arg0.toString();
> > >         System.out.println("LogCatcher doRender ********** log string catched = *" + st + "*");
> > >         return st;
> > >     }
> > > }
> > >
> > > ALWAYS THERE FOR YOU!!!
> > > Naider Chen
> > > EMAIL ME ANYTIME!!!!
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > > For additional commands, e-mail: [EMAIL PROTECTED]
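
Ron's reply above explains that renderers are skipped when the message is already a String, so a hook that sees every event has to sit somewhere else. One option, given here as an added example that is not part of the original thread and not log4j's own code, is a PatternLayout subclass for log4j 1.2 that escapes control characters in each formatted line. The class name SanitizingPatternLayout, the package example.logging and the sample message are made up for illustration.

```java
package example.logging; // hypothetical package name, not from the thread

import org.apache.log4j.ConsoleAppender;
import org.apache.log4j.Layout;
import org.apache.log4j.Logger;
import org.apache.log4j.PatternLayout;
import org.apache.log4j.spi.LoggingEvent;

/**
 * Added example: escapes line breaks and other control characters in every
 * formatted event, so logged user input cannot start what looks like a new
 * record. It does not rely on renderers, so String messages are covered.
 */
public class SanitizingPatternLayout extends PatternLayout {
    public String format(LoggingEvent event) {
        String line = super.format(event);
        // Keep the one trailing separator written by %n; escape everything else.
        String tail = "";
        if (line.endsWith(Layout.LINE_SEP)) {
            tail = Layout.LINE_SEP;
            line = line.substring(0, line.length() - tail.length());
        }
        return escape(line) + tail;
    }

    // Replaces control characters (tab excepted) with a visible hex escape.
    static String escape(String s) {
        StringBuffer out = new StringBuffer(s.length() + 16);
        for (int i = 0; i < s.length(); i++) {
            char c = s.charAt(i);
            boolean lineBreak = c == '\u2028' || c == '\u2029';
            if ((Character.isISOControl(c) && c != '\t') || lineBreak) {
                String hex = Integer.toHexString(c);
                out.append("\\u").append("0000".substring(hex.length())).append(hex);
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        SanitizingPatternLayout layout = new SanitizingPatternLayout();
        layout.setConversionPattern("%d %-5p [%t] %C{2} (%F:%L) - %m%n");
        Logger log = Logger.getLogger("demo");
        log.addAppender(new ConsoleAppender(layout));
        // Constructed input: a user name carrying CR/LF and a fake record.
        log.info("login failed for bob\r\n2007-06-06 10:52:25,551 INFO forged entry");
    }
}
```

To use it from log4j.xml, name this class in the appender's layout element in place of org.apache.log4j.PatternLayout. Stack traces are written by the appender after format() returns, so text inside exception messages is not covered by this layout.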