The SocketServer was removed from Log4j 2 in the 2.8.2 release to address CVE-2017-5645. Most implementations used Java serialized events as the format of the data being sent, which is inherently insecure. The code still exists in https://github.com/apache/logging-log4j-tools <https://github.com/apache/logging-log4j-tools> and can be used as a sample starting point but that code will likely never be released.
I would also suggest that using just raw TCP as the protocol is a mistake. When issues happen and the consuming service is taken down typically the application will continue to send at least one more message “successfully” before the error is detected. Using acknowledgements, such as what the Flume appender does, avoids this problem. Ralph > On Mar 17, 2022, at 1:14 AM, Gajendra S V <svgajendr...@gmail.com> wrote: > > Hi Team, > > We are migrating our application from log4j to log4j2 and using the > log4j.2.17.1 version now. I have come across TCPSocketServer which is used > in the higher version instead of Socket Node. But I could not see the same > class on 2.17.1 version. Please let me know how to write remote logs . > Below is the sample code used in the current log4j version. > > ServerSocket serverSocket = new ServerSocket(port, backlog, bindAddress); > Socket lSocket = serverSocket.accept(); > socketArrayInUse.add(lSocket); > InetAddress lAddr = lSocket.getInetAddress(); > LoggerRepository lRepo = getLoggerRepository(lAddr); > SocketNode lNode = new SocketNode(lSocket, lRepo); > String lClientHost = lAddr.getHostName(); > SocketThread lThread = new SocketThread(lNode, lClientHost); > lThread.start(); > > Thanks > Gajendra S V
