[logback-user] Feedback from using Logback in an audit component

Anders Hammar anders at hammar.net
Sun Nov 2 20:42:25 CET 2008 

Hi,

Attached is a UML class diagram of the basics of the audit logger
implementation utilizing Logback. As you can see it's not very
complicated. What I have left out is most of the Joran configuration
parts (you don't need to use Joran for configuration if you don't want
to) and our extension of PatternLayoutBase (which uses a bunch of
Converters specific to our case).

Once again, have a look at logback-access for instance and it
shouldn't be to hard to figure out.

/Anders

On Fri, Oct 31, 2008 at 1:21 PM, Chad La Joie <chad.lajoie at switch.ch> wrote:
> Thanks.  We use Logback for a product with modestly large deployment.  I
> have an audit log now but I'm not entirely happy with it.  Event-based
> log entries would be a large step in the right direction.
>
> Anders Hammar wrote:
>> Hi Chad,
>>
>> I'm sorry to say no, my customer doesn't share code. Especially not
>> for this component. But due to the good design of logback this was
>> very straight forward. As I said, I used logback-core and implemented
>> a few classes on top of this. I found looking at how things were
>> solved in logback-classic and logback-access very helpful. I ran into
>> a few problems when extending some classes for our specific needs, but
>> I filed jiras regarding that and I believe it has been fixed in
>> 0.9.10/11.
>>
>> What I could do is sharing some kind of UML class diagram to show the
>> idea. I'll look at that on Monday.
>>
>> /Anders
>>
>> On Fri, Oct 31, 2008 at 9:45 AM, Chad La Joie <chad.lajoie at switch.ch> wrote:
>>> Hey Anders,
>>>
>>> Do you have any code that you could share that shows how you did the
>>> event-based audit logging vs the standard level-based?
>>>
>>> Anders Hammar wrote:
>>>> I was asked by Ceki to share my successful Logback story with you all.
>>>>
>>>> In a former assignment for one of our customers, we implemented an
>>>> audit component. The customer is to use this component in their
>>>> applications to audit end-user activities.
>>>>
>>>> In some earlier application specific audit implementations, log4j had
>>>> been used. However, log4j (and pretty much all existing application
>>>> logging frameworks that I looked at) has the notion of logging levels.
>>>> For auditing (at least in this customer's case) we have actions/events
>>>> which have no relation between them. So, having levels of debug, info,
>>>> warn, etc isn't right but we rather have independent events.
>>>> When I found Logback it was kind of love at first sight, the modular
>>>> design fitted beautifully with what we wanted and we chose Logback
>>>> (specifically logback-core) for our actual audit logging. We based
>>>> this choice on two factors in specific:
>>>> 1. The possibility of log on actions/events rather than levels (as
>>>> above described)
>>>> 2. The possiblity of having several independently configured logback
>>>> instances. (This is not possible with log4j for instance, and as the
>>>> customer's app server of choice uses log4j we would need to combine
>>>> application logging and audit logging configuration - which is not
>>>> good out of security perspective.)
>>>>
>>>> Also, the extensive documentation made my work easy to recommend the
>>>> framework. As we all know, good documentation is not always the case
>>>> in OSS. However, as mentioned on the mailing list earlier, the lack of
>>>> a 1.0 release could have been a problem. However, Ceki's track record
>>>> (with log4j) made me feel safe still going with Logback.
>>>>
>>>> As i personally strongly believe in OSS I normally participate and
>>>> contribute to the community of the libs I use. However, working as a
>>>> consultant I just can't be involved in everything and tend to only
>>>> stay active as long as the assignment lasts (there are a few
>>>> exceptions). Therefore I don't subscribe to this mailing list any
>>>> longer, but I will monitor this thread so if you have any questions
>>>> regarding my use case I'll be happy to answer them.
>>>>
>>>> /Anders
>>>> _______________________________________________
>>>> Logback-user mailing list
>>>> Logback-user at qos.ch
>>>> http://qos.ch/mailman/listinfo/logback-user
>>> --
>>> SWITCH
>>> Serving Swiss Universities
>>> --------------------------
>>> Chad La Joie, Software Engineer, Net Services
>>> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
>>> phone +41 44 268 15 75, fax +41 44 268 15 68
>>> chad.lajoie at switch.ch, http://www.switch.ch
>>>
>>> _______________________________________________
>>> Logback-user mailing list
>>> Logback-user at qos.ch
>>> http://qos.ch/mailman/listinfo/logback-user
>>>
>> _______________________________________________
>> Logback-user mailing list
>> Logback-user at qos.ch
>> http://qos.ch/mailman/listinfo/logback-user
>
> --
> SWITCH
> Serving Swiss Universities
> --------------------------
> Chad La Joie, Software Engineer, Net Services
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> phone +41 44 268 15 75, fax +41 44 268 15 68
> chad.lajoie at switch.ch, http://www.switch.ch
>
> _______________________________________________
> Logback-user mailing list
> Logback-user at qos.ch
> http://qos.ch/mailman/listinfo/logback-user
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: AuditLoggerImpl.jpg
Type: image/jpeg
Size: 79584 bytes
Desc: not available
Url : http://qos.ch/pipermail/logback-user/attachments/20081102/57b00bdc/attachment-0001.jpg

More information about the Logback-user mailing list