How secure does it need to be? Because there are usually ways around Java security (hence all the security patches). Oftentimes, a misconfigured policy file is enough to let the house of cards come tumbling down!
On 8 September 2014 18:36, Ralph Goers <[email protected]> wrote:

> Christian,
>
> I started work on Log4j 2 primarily for use by my employer at the time,
> who performs internet banking activities. As such, losing audit events is
> not acceptable in that environment.
>
> I am not really clear on what you are asking. If you don’t specify a
> monitorInterval on your configuration then you will not be able to
> reconfigure logging during execution, which sounds like what you are
> wanting. If you want a start and stop message one way to do that is to
> specify a start and stop message in the header and footer elements of the
> PatternLayout. If you are running in a servlet container you can also use
> a ServletContextListener to do that.
>
> Ralph
>
> On Sep 8, 2014, at 8:22 AM, Christian Müller <[email protected]>
> wrote:
>
> > Hello list!
> >
> > For PCI requirement 10.2.6 (Initialization, stopping, or pausing of the
> > audit logs) [1], I'm wondering what the best solution would be from your
> > point of view?
> >
> > The PCI requirements are detailed further in the spec:
> > Verify the following are logged:
> > - Initialization of audit logs
> > - Stopping or pausing of audit logs
> >
> > Turning the audit logs off (or pausing them) prior to performing illicit
> > activities is a common practice for malicious users wishing to avoid
> > detection. Initialization of audit logs could indicate that the log
> > function was disabled by a user to hide their actions.
> >
> > The PCI auditor told us, "it's enough" if the application logs when it's
> > started and when it's stopped.
> >
> > [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf
> >
> > Thanks in advance,
> > Christian
> > -----------------
> >
> > Software Integration Specialist
> >
> > Apache Member
> > V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer
> > Apache Incubator PMC Member

--
Matt Sicker <[email protected]>
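The two configuration suggestions in Ralph's reply (leave out monitorInterval, put a start and stop message in the PatternLayout header and footer), as an added example that is not part of the original thread. The appender names, the file path, the logger name "audit" and the message wording are assumptions.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- No monitorInterval attribute on Configuration: Log4j 2 does not poll
     this file for changes, so editing it does not reconfigure logging
     while the application is running. -->
<Configuration status="warn">
  <Appenders>
    <Console name="Console" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{ISO8601} [%t] %-5level %logger - %msg%n"/>
    </Console>

    <!-- Hypothetical audit appender; name and fileName are placeholders. -->
    <File name="Audit" fileName="logs/audit.log" append="true">
      <!-- header/footer carry the start and stop messages suggested in the
           reply. The text is an assumption; &#10; is a literal newline. -->
      <PatternLayout
          pattern="%d{ISO8601} [%t] %-5level %logger - %msg%n"
          header="=== audit logging initialized ===&#10;"
          footer="=== audit logging stopped ===&#10;"/>
    </File>
  </Appenders>

  <Loggers>
    <!-- Audit events go only to the audit file (additivity off). -->
    <Logger name="audit" level="info" additivity="false">
      <AppenderRef ref="Audit"/>
    </Logger>
    <Root level="info">
      <AppenderRef ref="Console"/>
    </Root>
  </Loggers>
</Configuration>
```

The footer is only written on an orderly shutdown of the logging context, so a killed JVM leaves no stop message. Check on the Log4j version in use whether the header is repeated when the appender reopens an existing file in append mode.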
