You may need to patch log4j 1.2 yourself if you're doing it at that level. There's a reason why SLF4J and Log4j 2 exist, and a big part of that involves the inability to improve version 1 without rewriting the API.
On 9 September 2014 03:59, Christian Müller <[email protected]> wrote: > Hello Matt! > > Thanks for looking into it. > We don't looking for policy file configuration. Also changes on our log4j > configuration are monitored and audited by other security features > (somebody could disable the logging, do some illegal stuff and enable the > logging again). > We "only" have to write a start/stop messages to show, the application is > running and able to log events. > > Best, > Christian > ----------------- > > Software Integration Specialist > > Apache Member > V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer > Apache Incubator PMC Member > > > > On Mon, Sep 8, 2014 at 5:22 PM, Christian Müller < > [email protected]> wrote: > > > Hello list! > > > > For PCI requirement 10.2.6 (Initialization, stopping, or pausing of the > > audit logs) [1], I'm wondering what the best solution would be from your > > point of view? > > > > The PCI requirement are detailed further in the spec: > > Verify the following are logged: > > - Initialization of audit logs > > - Stopping or pausing of audit logs > > > > Turning the audit logs off (or pausing them) prior to performing illicit > > activities is a common practice for malicious users wishing to avoid > > detection. Initialization of audit logs could indicate that the log > > function was disabled by a user to hide their actions. > > > > The PCI auditor told us, "it's enoght" if the application logs when it's > > started and when it's stopped. > > > > [1] https://www.pcisecuritystandards.org/documents/PCI_DSS_v3.pdf > > > > Thanks in advance, > > Christian > > ----------------- > > > > Software Integration Specialist > > > > Apache Member > > V.P. Apache Camel | Apache Camel PMC Member | Apache Camel committer > > Apache Incubator PMC Member > > > -- Matt Sicker <[email protected]>
