The SocketServer was removed from Log4j 2 in the 2.8.2 release to address 
CVE-2017-5645. Most implementations used Java serialized events as the format 
of the data being sent, which is inherently insecure. The code still exists in 
<> and can be used as a sample 
starting point but that code will likely never be released. 

I would also suggest that using just raw TCP as the protocol is a mistake. When 
issues happen and the consuming service is taken down typically the application 
will continue to send at least one more message “successfully” before the error 
is detected. Using acknowledgements, such as what the Flume appender does, 
avoids this problem. 


> On Mar 17, 2022, at 1:14 AM, Gajendra S V <> wrote:
> Hi Team,
> We are migrating our application from log4j to log4j2 and  using the
> log4j.2.17.1 version now. I have come across TCPSocketServer which is used
> in the higher version  instead of Socket Node. But I could not see the same
> class on 2.17.1 version. Please let me know how to write remote logs .
> Below is the sample code used in the current log4j version.
> ServerSocket serverSocket = new ServerSocket(port, backlog, bindAddress);
> Socket lSocket = serverSocket.accept();
> socketArrayInUse.add(lSocket);
> InetAddress lAddr = lSocket.getInetAddress();
> LoggerRepository lRepo = getLoggerRepository(lAddr);
> SocketNode lNode = new SocketNode(lSocket, lRepo);
> String lClientHost = lAddr.getHostName();
> SocketThread lThread = new SocketThread(lNode, lClientHost);
> lThread.start();
> Thanks
> Gajendra S V

Reply via email to