[logback-user] Feedback from using Logback in an audit component

Anders Hammar anders at hammar.net
Mon Nov 3 15:21:51 CET 2008


Hi,

It contains what you need for your audit logging. The type is an enum
which defines what kind of audit event it is. Other than that I can't
go into details. But, one could guess that stuff like user, time, user
action details would be logged...

/Anders

On Mon, Nov 3, 2008 at 3:14 PM, ralph.goers @dslextreme.com
<rgoers at apache.org> wrote:
> It would be nice to know what is in your AuditEvent. I suspect that is where
> our implementations differ.
>
> On Sun, Nov 2, 2008 at 11:42 AM, Anders Hammar <anders at hammar.net> wrote:
>>
>> Hi,
>>
>> Attached is a UML class diagram of the basics of the audit logger
>> implementation utilizing Logback. As you can see it's not very
>> complicated. What I have left out is most of the Joran configuration
>> parts (you don't need to use Joran for configuration if you don't want
>> to) and our extension of PatternLayoutBase (which uses a bunch of
>> Converters specific to our case).
>>
>> Once again, have a look at logback-access for instance and it
>> shouldn't be too hard to figure out.
>>
>> /Anders
>>
>> On Fri, Oct 31, 2008 at 1:21 PM, Chad La Joie <chad.lajoie at switch.ch>
>> wrote:
>> > Thanks.  We use Logback for a product with modestly large deployment.  I
>> > have an audit log now but I'm not entirely happy with it.  Event-based
>> > log entries would be a large step in the right direction.
>> >
>> > Anders Hammar wrote:
>> >> Hi Chad,
>> >>
>> >> I'm sorry to say no, my customer doesn't share code. Especially not
>> >> for this component. But due to the good design of logback this was
>> >> very straightforward. As I said, I used logback-core and implemented
>> >> a few classes on top of this. I found looking at how things were
>> >> solved in logback-classic and logback-access very helpful. I ran into
>> >> a few problems when extending some classes for our specific needs, but
>> >> I filed jiras regarding that and I believe it has been fixed in
>> >> 0.9.10/11.
>> >>
>> >> What I could do is share some kind of UML class diagram to show the
>> >> idea. I'll look at that on Monday.
>> >>
>> >> /Anders
>> >>
>> >> On Fri, Oct 31, 2008 at 9:45 AM, Chad La Joie <chad.lajoie at switch.ch>
>> >> wrote:
>> >>> Hey Anders,
>> >>>
>> >>> Do you have any code that you could share that shows how you did the
>> >>> event-based audit logging vs the standard level-based?
>> >>>
>> >>> Anders Hammar wrote:
>> >>>> I was asked by Ceki to share my successful Logback story with you
>> >>>> all.
>> >>>>
>> >>>> In a former assignment for one of our customers, we implemented an
>> >>>> audit component. The customer is to use this component in their
>> >>>> applications to audit end-user activities.
>> >>>>
>> >>>> In some earlier application specific audit implementations, log4j had
>> >>>> been used. However, log4j (and pretty much all existing application
>> >>>> logging frameworks that I looked at) has the notion of logging levels.
>> >>>> For auditing (at least in this customer's case) we have actions/events
>> >>>> which have no relation between them. So, having levels of debug, info,
>> >>>> warn, etc isn't right but we rather have independent events.
>> >>>> When I found Logback it was kind of love at first sight, the modular
>> >>>> design fitted beautifully with what we wanted and we chose Logback
>> >>>> (specifically logback-core) for our actual audit logging. We based
>> >>>> this choice on two factors in specific:
>> >>>> 1. The possibility of logging on actions/events rather than levels (as
>> >>>> described above)
>> >>>> 2. The possibility of having several independently configured logback
>> >>>> instances. (This is not possible with log4j for instance, and as the
>> >>>> customer's app server of choice uses log4j we would need to combine
>> >>>> application logging and audit logging configuration - which is not
>> >>>> good from a security perspective.)
>> >>>>
>> >>>> Also, the extensive documentation made my work easy to recommend the
>> >>>> framework. As we all know, good documentation is not always the case
>> >>>> in OSS. However, as mentioned on the mailing list earlier, the lack of
>> >>>> a 1.0 release could have been a problem. However, Ceki's track record
>> >>>> (with log4j) made me feel safe still going with Logback.
>> >>>>
>> >>>> As I personally strongly believe in OSS I normally participate and
>> >>>> contribute to the community of the libs I use. However, working as a
>> >>>> consultant I just can't be involved in everything and tend to only
>> >>>> stay active as long as the assignment lasts (there are a few
>> >>>> exceptions). Therefore I don't subscribe to this mailing list any
>> >>>> longer, but I will monitor this thread so if you have any questions
>> >>>> regarding my use case I'll be happy to answer them.
>> >>>>
>> >>>> /Anders
>> >>>> _______________________________________________
>> >>>> Logback-user mailing list
>> >>>> Logback-user at qos.ch
>> >>>> http://qos.ch/mailman/listinfo/logback-user
>> >>> --
>> >>> SWITCH
>> >>> Serving Swiss Universities
>> >>> --------------------------
>> >>> Chad La Joie, Software Engineer, Net Services
>> >>> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
>> >>> phone +41 44 268 15 75, fax +41 44 268 15 68
>> >>> chad.lajoie at switch.ch, http://www.switch.ch
>> >>>
>> >
>> >
>>
>>
>
>
>
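
A minimal sketch of the event-based design discussed in this thread, added here as an illustration; it is not Anders's or his customer's code. It assumes logback-core 1.x on the classpath and Java 16+; the `AuditEvent` fields, the `AuditType` values and `AuditLayout` are hypothetical names. The audit pipeline gets its own `ContextBase`, so it shares no configuration with application logging.

```java
import ch.qos.logback.core.ConsoleAppender;
import ch.qos.logback.core.Context;
import ch.qos.logback.core.ContextBase;
import ch.qos.logback.core.LayoutBase;
import ch.qos.logback.core.encoder.LayoutWrappingEncoder;
import java.time.Instant;

public class AuditDemo {
    // Event kinds replace levels: there is no ordering between them.
    enum AuditType { LOGIN, LOGOUT, RECORD_VIEWED, RECORD_CHANGED }

    // Hypothetical event shape (the thread only guesses at user, time, details).
    record AuditEvent(AuditType type, Instant time, String user, String details) {}

    // Layout typed on AuditEvent instead of a level-based logging event.
    static class AuditLayout extends LayoutBase<AuditEvent> {
        @Override
        public String doLayout(AuditEvent e) {
            return e.time() + " type=" + e.type() + " user=" + clean(e.user())
                    + " details=\"" + clean(e.details()) + "\"\n";
        }

        // Neutralise CR/LF and quotes so one event cannot forge a second record.
        private static String clean(String s) {
            return s.replaceAll("[\\r\\n\"]", "_");
        }
    }

    public static void main(String[] args) {
        // Dedicated context: independent of any application logging setup.
        Context auditContext = new ContextBase();
        auditContext.setName("audit");

        AuditLayout layout = new AuditLayout();
        layout.setContext(auditContext);
        layout.start();

        LayoutWrappingEncoder<AuditEvent> encoder = new LayoutWrappingEncoder<>();
        encoder.setContext(auditContext);
        encoder.setLayout(layout);
        encoder.start();

        ConsoleAppender<AuditEvent> appender = new ConsoleAppender<>();
        appender.setContext(auditContext);
        appender.setEncoder(encoder);
        appender.start();

        // Constructed sample events; the second carries an embedded newline.
        appender.doAppend(new AuditEvent(AuditType.LOGIN, Instant.now(), "alice", "from 192.0.2.10"));
        appender.doAppend(new AuditEvent(AuditType.RECORD_VIEWED, Instant.now(), "bob\ntype=LOGIN", "id=42"));
    }
}
```

In a real deployment the `ConsoleAppender` would be replaced by a file or remote appender whose destination only the audit component can write to.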

