Or, if you don't want to slow down every message, make it safe before you
send to log4net..
String sensitiveString = "My password is 1234";
log.Info(l4nHelper.MakeSafe(sensitiveString));
you should know before you log it if it's risky or not.. and I'd hate to
add an extra step to logging every message (100k+) when only 3-5 messages a
day are sensitive.. stats from my latest app..
-Peter
On Thu, Oct 2, 2008 at 4:58 PM, Ron Grabowski <[EMAIL PROTECTED]>wrote:
> IObjectRender was designed to allow custom objects (i.e. non-value objects)
> to be formatted. log4net optmizes string messages by bypassing the
> IObjectRenderer code. I don't think a lot of people use IObjectRender. If
> you want to use an object renderer you can wrap your sensitive messages like
> this:
>
> SensitiveString sensitiveString = new SensitiveString("My password is
> 1234");
> log.Info(sensitiveString);
>
> then register the renderer for the SensitiveString class. I'd probably
> write a ForwardingAppender or a Filter that alters the message before the
> real Appender receives the message.
>
>
>
> ----- Original Message ----
> From: Lars Bjønnes <[EMAIL PROTECTED]>
> To: [email protected]
> Sent: Thursday, October 2, 2008 2:44:52 PM
> Subject: Replacing text in log messages
>
> Hello,
>
> I am trying to replace certain text strings in log messages, based on
> a regular expression. The goal is to prevent sensitive information
> being logged.
>
> Is there any easy way of doing this?
>
> I have so far tried to write a simple implementation of the
> IObjectRenderer as a small end to end test
>
> namespace Log4netRegexpRenderer
> {
> public class RegexpObjectRenderer : IObjectRenderer
> {
> /// <summary>
> /// Proceed to rendering for a given object.
> /// </summary>
> public string DoRender(RendererMap rendererMap, object obj)
> {
> return "Yeah, we're getting somehwere";
> }
> }
> }
>
> Then adding this to log4net.config:
>
>
> <renderer
> renderingClass="Log4netRegexpRenderer.RegexpObjectRenderer,
> Log4netRegexpRenderer" renderedClass="System.String, mscorlib" />
>
> When I set the internal debug property in log4net to true, I can see
> that my assembly is pickedup and that there indeed is initialized an
> instance of my RegexpObjectRenderer.
>
> However, it never calls DoRender in my custom object renderer. Is it
> possible to catch System.String/string by (mis)using the
> ObjectRenderer, or do I have to use custom objects? (Which works fine)
>
> (I have no problems getting a custom renderer to work with my own
> custom classes, but no luck with System.String).
>
> Suggestions?
>
> Regards,
>
> Lars
>
