Sure
Ralph
> On Oct 10, 2023, at 2:05 AM, Piotr P. Karwasz wrote:
>
> Hi all,
>
> Since Log4j Audit will not be archived, could someone update its
> dependencies? Dependabot has lots of security alerts about it:
>
> https://github.com/apache/logging-log4j-audit/security/dependabot
>
>
IMO metrics and auditing don’t have a lot in common. That said, I do use the
RequestContext to log elapsed time of every request. See the
RequestContextFilter class.
Ralph
> On Jun 11, 2018, at 11:56 AM, Matt Sicker wrote:
>
> What about metrics gathering? Is that an orthogonal concern or
What about metrics gathering? Is that an orthogonal concern or can you make
audit logs like that?
On Mon, Jun 11, 2018 at 12:59, Ralph Goers
wrote:
> So for the use case you describe I would suggest you think about the
> events that need to be audited and the data that is associated with those
So for the use case you describe I would suggest you think about the events
that need to be audited and the data that is associated with those events. Then
figure out which are request context items (for web apps there are a few that
should be considered “universal" since every app on the
I think this is an observability related idea which is still rather new to
many companies who are just finally embracing DevOps in the first place. I
love the idea though!
On Mon, Jun 11, 2018 at 10:32, Ralph Goers
wrote:
> Really? I would think almost everything would want to track who made
Really? I would think almost everything would want to track who made what
change to the system.
Ralph
> On Jun 11, 2018, at 5:20 AM, Matt Sicker wrote:
>
> Ok, thanks for the clarification. It sounded far more advanced, and I’m
> getting a better picture here. I’ve never worked in a domain
Ok, thanks for the clarification. It sounded far more advanced, and I’m
getting a better picture here. I’ve never worked in a domain that requires
auditing before.
On Mon, Jun 11, 2018 at 08:03, Apache wrote:
> No. It implements that feature through the request context but I wouldn’t
> use a
No. It implements that feature through the request context but I wouldn’t use a
catalog for simple trace logging.
Ralph
> On Jun 11, 2018, at 4:29 AM, Matt Sicker wrote:
>
> One thing I didn’t notice until now is that this is a superset of
> distributed trace logging. Would you say that’s
One thing I didn’t notice until now is that this is a superset of
distributed trace logging. Would you say that’s accurate?
On Mon, Jun 11, 2018 at 00:54, Apache wrote:
> One thing I forgot to mention. Although Log4J audit doesn’t make use of
> the product or category the catalog’s usefulness
One thing I forgot to mention. Although Log4J audit doesn’t make use of the
product or category the catalog’s usefulness really comes into play when you
want to create a UI to query and display the audit events. In that case
associating events with products and/or categories can be quite
Oh. You don’t have the maven plugin. Since it hasn’t been released yet you will
have to build the Log4J audit project.
Sent from my iPad
> On Jun 10, 2018, at 12:23 AM, Remko Popma wrote:
>
> That is with
> C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version
> Apache Maven
Ok. I will take a look in the morning.
Sent from my iPad
> On Jun 10, 2018, at 12:23 AM, Remko Popma wrote:
>
> That is with
> C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version
> Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d;
> 2017-10-18T16:58:13+09:00)
>
That is with
C:\Users\remko\IdeaProjects\logging-log4j-audit-sample>mvn --version
Apache Maven 3.5.2 (138edd61fd100ec658bfa2d307c43b76940a5d7d;
2017-10-18T16:58:13+09:00)
Maven home: C:\apps\apache-maven-3.5.2\bin\..
Java version: 1.8.0_161, vendor: Oracle Corporation
Java home:
getting this now
[INFO] Reactor Summary:
[INFO]
[INFO] Audit Sample Parent SUCCESS [
0.839 s]
[INFO] audit-service-api .. FAILURE [
0.006 s]
[INFO] audit-service-war .. SKIPPED
[INFO] audit-service
I finally have had time to take a breath and do something with this. I have
tried to incorporate many of your comments in the documentation. I have updated
my web site accordingly. Some comments are below.
I really would like feedback on more than just the site as I need to release
this.
>
Thanks. I am so swamped at work right now I probably won’t get anything done
with this for a week or so.
Ralph
> On May 10, 2018, at 7:46 AM, Remko Popma wrote:
>
> Ralph, the doc changes are improvements but not ground to veto a release.
> I haven't actually tried it
Ralph, the doc changes are improvements but not ground to veto a release.
I haven't actually tried it yet.
On Wed, May 9, 2018 at 11:47 PM, Matt Sicker wrote:
> I've never worked in a domain where audit logging is used, so I won't have
> much feedback about that. I will,
I've never worked in a domain where audit logging is used, so I won't have
much feedback about that. I will, however, provide a more thorough release
review (similar to Incubator).
On 9 May 2018 at 00:32, Ralph Goers wrote:
> Thanks for this re-review. While I am
Thanks for this re-review. While I am going to go through this and make some
changes, my basic question would be is if any of this would make you vote -1 on
a release candidate? While I think the documentation should be good I don’t
think it has to be perfect.
Although I have been using it
I had time to look at this during the flight, here it is:
index.html
typo: Diagnostic logs are critical in aiding in maintaining the
servicability -> critical in maintaining?
Overall, the first three sections, "What is Audit Logging", What is the
difference between audit logging and normal
I've been meaning to take a closer look at this. I'll review it over the
next day or two.
On 6 May 2018 at 16:26, Ralph Goers wrote:
> I spoke too soon. I made a minor change to add a link to Apache events in
> the site header.
>
> Ralph
>
> > On May 6, 2018, at 2:24
I spoke too soon. I made a minor change to add a link to Apache events in the
site header.
Ralph
> On May 6, 2018, at 2:24 PM, Ralph Goers wrote:
>
> I don’t think anything has changed since I last published but I will rebuild
> it and publish it again.
>
> Ralph
I don’t think anything has changed since I last published but I will rebuild it
and publish it again.
Ralph
> On May 6, 2018, at 12:52 PM, Remko Popma wrote:
>
> I’ll be flying back to Tokyo tomorrow but I can take another look when I’m
> back. Is there a recent
I’ll be flying back to Tokyo tomorrow but I can take another look when I’m
back. Is there a recent snapshot of the site on your GitHub account?
> On May 6, 2018, at 21:35, Ralph Goers wrote:
>
> I have finished everything I wanted to accomplish for the first
Once again, thanks for the comments!
In general you have most of the flow down, although I would do them in a
different order.
1) Install the catalog editor (This is a one time activity)
2) Perform analysis.
3) Use the editor to create audit event and attribute definitions.
4) Publish those
Ralph,
very nice improvements! Especially the first page does a great job at
explaining what audit logging is and why/when you would want to use it.
The Getting Started page then does a tutorial-style deep dive into using
Log4j Audit, but unfortunately gets a bit bogged down in setting up the
Ok, I’ll try tonight if I can.
> On Feb 12, 2018, at 9:31, Ralph Goers wrote:
>
> Remko,
>
> I believe I have addressed most of the feedback from these two emails,
> although I haven’t figured out how the selected component stays highlighted
> in the left hand
Remko,
I believe I have addressed most of the feedback from these two emails, although
I haven’t figured out how the selected component stays highlighted in the left
hand menu. I’d appreciate you and everyone else taking another look at
https://rgoers.github.io/log4j-audit/index.html
On 4 February 2018 at 23:35, Ralph Goers wrote:
> Well I have good news and bad news. The bad news is that I forgot my wife
> and I were having people over for the super bowl so I didn’t have as much
> time as I had hoped and I wasn’t able to run the Log4j 2.11.0
Chandra,
Yes it is a new project. I’ve been working on it for quite some time. I
developed something like it for my former employer many years ago and it was
one of my primary motivations for starting Log4j 2. I am using this project at
my current employer.
A container is not required to
Hi Remko,
+1 for the top page feedback. This is the first time I’m looking at this (is
this a new project under log4j?).
Also, is a container (tomcat or others ) a requirement? if it is I do not see
it in the requirements section. I assumed it was an api either using or built
on top of log4j2
Remko,
Thanks for all the good feedback! That is exactly what I was looking for.
I won’t answer the questions you posed here. Instead, I will try to correct the
web site to see if it does the job.
Ralph
> On Feb 5, 2018, at 8:04 AM, Remko Popma wrote:
>
> About the
About the web site, the project seems to have components, but the component
links in the left-hand navigation menu are not very useful:
If you click on "Audit API" for example, only some standard Maven-generated
component links/pages are visible, no javadoc or sources in the Component
Reports.
Yup, it is needed in log4j-catalog-jpa to get javax.persistence. I probably
don’t need it in the other modules (except for the wars).
Ralph
> On Sep 6, 2017, at 1:13 PM, Mikael Ståldal wrote:
>
> I see that several modules depends on javax:javaee-api. Is that necessary? It
I see that several modules depends on javax:javaee-api. Is that
necessary? It should only be necessary in log4j-catalog-jpa, right?
I see that log4j-catalog-api and log4j-catalog-git depends on
javax:javaee-api and on Spring Framework. It would be better if those
modules didn't.
On
Thanks, I will look at JavaPoet and see if it makes things any simpler.
Only the web app and rest service depend on Spring. At this point it is a
requirement.
What JavaEE stuff?
The catalog-war project is a user interface for editing the catalog. When I
start creating documents I will take
I had a quick look. Some comments:
* You might want to use the JavaPoet library to generate Java source
code, it is Apache-licensed, available on Maven central and has no
transitive dependencies: https://github.com/square/javapoet
* Some users might not like to depend on Spring Framework.
*
37 matches
Mail list logo