Christian, I started work on Log4j 2 primarily for use by my employer at the time, who performs internet banking activities. As such, losing audit events is not acceptable in that environment.
I am not really clear on what you are asking. If you don’t specify a monitorInterval on your configuration then you will not be able to reconfigure logging during execution, which sounds like what you are wanting. If you want a start and stop message one way to do that is to specify a start and stop message in the header and footer elements of the PatternLayout. If you are running in a servlet container you can also use a ServletContextListener to do that. Ralph On Sep 8, 2014, at 8:22 AM, Christian Müller <[email protected]> wrote: > Hello list! > > For PCI requirement 10.2.6 (Initialization, stopping, or pausing of the > audit logs) [1], I'm wondering what the best solution would be from your > point of view? > > The PCI requirement are detailed further in the spec: > Verify the following are logged: > - Initialization of audit logs > - Stopping or pausing of audit logs > > Turning the audit logs off (or pausing them) prior to performing illicit > activities is a common practice for malicious users wishing to avoid > detection. Initialization of audit logs could indicate that the log > function was disabled by a user to hide their actions. > > The PCI auditor told us, "it's enoght" if the application logs when it's > started and when it's stopped. > > [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf > > Thanks in advance, > Christian > ----------------- > > Software Integration Specialist > > Apache Member > V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer > Apache Incubator PMC Member --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
