Hello all, As part of some other work I have been doing, our team has decided that it would be worth extending the Log4j2 library in such a way as to better support logging of security events. We also thought what we did would be of interest to the larger Apache community, mostly because the need for application-level security auditing is growing to help mitigate the increase of application security incidents. In order to facilitate better auditing practices, developers now have a need to include better security logging practices in the development process. Application logs provide valuable data for:
- Identifying security threats - Monitoring policy violations - Providing details about problems and unusual conditions - Contributing application-specific data for auditing which is lacking in other sources - Helping defend against vulnerability identification and exploitation through attack detection. I have attached a document that more thoroughly explains what we have done and what "problems" we were looking to solve with our changes. I am looking for some guidance on how I should go about submitting these changes back to the Apache Log4j 2.x team for inclusion in the code base. I have implemented both the functionality and the appropriate JUnit code for testing of the additions. If anyone could respond with some information to help, I would greatly appreciate it. Thank you, -- Bryan Krol Software Engineer Technergetics, LLC [email protected] Phone: (315) 271-2096 Fax: (886) 307-4382
Security Logging as part of Log4j-v4-20160108_160213.pdf
Description: Adobe PDF document
--------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
