Re: [logging-log4j-audit] release plans for 1.0.2?

2019-06-02 Thread Matt Sicker
I can help finish the release with any PMC-specific aspects. We can certainly help explain any release steps. Making a new release guide for the audit component would be great, too. On Sun, 2 Jun 2019 at 12:56, Ralph Goers wrote: > > I should also add that there are a couple of steps that have

Re: [logging-log4j-audit] release plans for 1.0.2?

2019-06-02 Thread Ralph Goers
I should also add that there are a couple of steps that have to be performed by a PMC member but those are after the release vote. If feel up to giving it a try that would be great! Ralph > On Jun 2, 2019, at 10:54 AM, Ralph Goers wrote: > > Yes, I more or less follow the same process. Since

Re: [logging-log4j-audit] release plans for 1.0.2?

2019-06-02 Thread Ralph Goers
Yes, I more or less follow the same process. Since it uses Java 8 it doesn’t need to add the TLS property though. Ralph > On Jun 2, 2019, at 9:46 AM, Matt Sicker wrote: > > This looks to be one of the few components that doesn't have a dedicated > release guide on the wiki yet. This likely

Re: [logging-log4j-audit] release plans for 1.0.2?

2019-06-02 Thread Matt Sicker
This looks to be one of the few components that doesn't have a dedicated release guide on the wiki yet. This likely follows the same steps as the Log4j 2 release guide, though: https://cwiki.apache.org/confluence/display/LOGGING/Log4j+2+Release+Process On Sun, Jun 2, 2019 at 06:04, Andrei Ivanov

[logging-log4j-audit] release plans for 1.0.2?

2019-06-02 Thread Andrei Ivanov
Hi, I would really like to see 1.0.2 released. Do you think there's anything else that should go in? Is there a release procedure documented somewhere so I can do that myself? Thank you, Andrei

Re: Log4j-audit release

2018-06-11 Thread Ralph Goers
IMO metrics and auditing don’t have a lot in common. That said, I do use the RequestContext to log elapsed time of every request. See the RequestContextFilter class. Ralph > On Jun 11, 2018, at 11:56 AM, Matt Sicker wrote: > > What about metrics gathering? Is that an orthogonal concern or

Re: Log4j-audit release

2018-06-11 Thread Matt Sicker
What about metrics gathering? Is that an orthogonal concern or can you make audit logs like that? On Mon, Jun 11, 2018 at 12:59, Ralph Goers wrote: > So for the use case you describe I would suggest you think about the > events that need to be audited and the data that is associated with those

Re: Log4j-audit release

2018-06-11 Thread Ralph Goers
So for the use case you describe I would suggest you think about the events that need to be audited and the data that is associated with those events. Then figure out which are request context items (for web apps there are a few that should be considered “universal" since every app on the

Re: Log4j-audit release

2018-06-11 Thread Matt Sicker
I think this is an observability related idea which is still rather new to many companies who are just finally embracing DevOps in the first place. I love the idea though! On Mon, Jun 11, 2018 at 10:32, Ralph Goers wrote: > Really? I would think almost everything would want to track who made

Re: Log4j-audit release

2018-06-11 Thread Ralph Goers
Really? I would think almost everything would want to track who made what change to the system. Ralph > On Jun 11, 2018, at 5:20 AM, Matt Sicker wrote: > > Ok, thanks for the clarification. It sounded far more advanced, and I’m > getting a better picture here. I’ve never worked in a domain

Re: Log4j-audit release

2018-06-11 Thread Matt Sicker
Ok, thanks for the clarification. It sounded far more advanced, and I’m getting a better picture here. I’ve never worked in a domain that requires auditing before. On Mon, Jun 11, 2018 at 08:03, Apache wrote: > No. It implements that feature through the request context but I wouldn’t > use a

Re: Log4j-audit release

2018-06-11 Thread Apache
No. It implements that feature through the request context but I wouldn’t use a catalog for simple trace logging. Ralph > On Jun 11, 2018, at 4:29 AM, Matt Sicker wrote: > > One thing I didn’t notice until now is that this is a superset of > distributed trace logging. Would you say that’s

Re: Log4j-audit release

2018-06-11 Thread Matt Sicker
One thing I didn’t notice until now is that this is a superset of distributed trace logging. Would you say that’s accurate? On Mon, Jun 11, 2018 at 00:54, Apache wrote: > One thing I forgot to mention. Although Log4J audit doesn’t make use of > the product or category the catalog’s usefulness

Re: Log4j-audit release

2018-06-10 Thread Apache
One thing I forgot to mention. Although Log4J audit doesn’t make use of the product or category the catalog’s usefulness really comes into play when you want to create a UI to query and display the audit events. In that case associating events with products and/or categories can be quite

Re: Log4j-audit release

2018-06-10 Thread Apache
Oh. You don’t have the maven plugin. Since it hasn’t been released yet you will have to build the Log4J audit project. Sent from my iPad > On Jun 10, 2018, at 12:23 AM, Remko Popma wrote: > > That is with > C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version > Apache Maven

Re: Log4j-audit release

2018-06-10 Thread Apache
Ok. I will take a look in the morning. Sent from my iPad > On Jun 10, 2018, at 12:23 AM, Remko Popma wrote: > > That is with > C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version > Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; > 2017-10-18T16:58:13+09:00) >

Re: Log4j-audit release

2018-06-10 Thread Remko Popma
That is with C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d; 2017-10-18T16:58:13+09:00) Maven home: C:\apps\apache-maven-3.5.2\bin\.. Java version: 1.8.0_161, vendor: Oracle Corporation Java home:

Re: Log4j-audit release

2018-06-10 Thread Remko Popma
getting this now [INFO] Reactor Summary: [INFO] [INFO] Audit Sample Parent SUCCESS [ 0.839 s] [INFO] audit-service-api .. FAILURE [ 0.006 s] [INFO] audit-service-war .. SKIPPED [INFO] audit-service

Re: Log4j-audit release

2018-06-09 Thread Ralph Goers
I finally have had time to take a breath and do something with this. I have tried to incorporate many of your comments in the documentation. I have updated my web site accordingly. Some comments are below. I really would like feedback on more than just the site as I need to release this. >

Re: Log4j-audit release

2018-05-10 Thread Ralph Goers
Thanks. I am so swamped at work right now I probably won’t get anything done with this for a week or so. Ralph > On May 10, 2018, at 7:46 AM, Remko Popma wrote: > > Ralph, the doc changes are improvements but not ground to veto a release. > I haven't actually tried it

Re: Log4j-audit release

2018-05-10 Thread Remko Popma
Ralph, the doc changes are improvements but not ground to veto a release. I haven't actually tried it yet. On Wed, May 9, 2018 at 11:47 PM, Matt Sicker wrote: > I've never worked in a domain where audit logging is used, so I won't have > much feedback about that. I will,

Re: Log4j-audit release

2018-05-09 Thread Matt Sicker
I've never worked in a domain where audit logging is used, so I won't have much feedback about that. I will, however, provide a more thorough release review (similar to Incubator). On 9 May 2018 at 00:32, Ralph Goers wrote: > Thanks for this re-review. While I am

Re: Log4j-audit release

2018-05-08 Thread Ralph Goers
Thanks for this re-review. While I am going to go through this and make some changes, my basic question would be is if any of this would make you vote -1 on a release candidate? While I think the documentation should be good I don’t think it has to be perfect. Although I have been using it

Re: Log4j-audit release

2018-05-07 Thread Remko Popma
I had time to look at this during the flight, here it is: index.html typo: Diagnostic logs are critical in aiding in maintaining the servicability -> critical in maintaining? Overall, the first three sections, "What is Audit Logging", What is the difference between audit logging and normal

Re: Log4j-audit release

2018-05-06 Thread Matt Sicker
I've been meaning to take a closer look at this. I'll review it over the next day or two. On 6 May 2018 at 16:26, Ralph Goers wrote: > I spoke too soon. I made a minor change to add a link to Apache events in > the site header. > > Ralph > > > On May 6, 2018, at 2:24

Re: Log4j-audit release

2018-05-06 Thread Ralph Goers
I spoke too soon. I made a minor change to add a link to Apache events in the site header. Ralph > On May 6, 2018, at 2:24 PM, Ralph Goers wrote: > > I don’t think anything has changed since I last published but I will rebuild > it and publish it again. > > Ralph

Re: Log4j-audit release

2018-05-06 Thread Ralph Goers
I don’t think anything has changed since I last published but I will rebuild it and publish it again. Ralph > On May 6, 2018, at 12:52 PM, Remko Popma wrote: > > I’ll be flying back to Tokyo tomorrow but I can take another look when I’m > back. Is there a recent

Re: Log4j-audit release

2018-05-06 Thread Remko Popma
I’ll be flying back to Tokyo tomorrow but I can take another look when I’m back. Is there a recent snapshot of the site on your GitHub account? > On May 6, 2018, at 21:35, Ralph Goers wrote: > > I have finished everything I wanted to accomplish for the first

Log4j-audit release

2018-05-06 Thread Ralph Goers
I have finished everything I wanted to accomplish for the first release of log4j-audit and so I am ready to generate a release candidate. Before I do that I’d like to provide one more chance for feedback. Thoughts? Ralph