[logback-user] Feedback from using Logback in an audit component

ralph.goers @dslextreme.com rgoers at apache.org
Mon Nov 3 15:14:55 CET 2008 

It would be nice to know what is in your AuditEvent. I suspect that is where
our implementations differ.

On Sun, Nov 2, 2008 at 11:42 AM, Anders Hammar <anders at hammar.net> wrote:

> Hi,
>
> Attached is a UML class diagram of the basics of the audit logger
> implementation utilizing Logback. As you can see it's not very
> complicated. What I have left out is most of the Joran configuration
> parts (you don't need to use Joran for configuration if you don't want
> to) and our extension of PatternLayoutBase (which uses a bunch of
> Converters specific to our case).
>
> Once again, have a look at logback-access for instance and it
> shouldn't be to hard to figure out.
>
> /Anders
>
> On Fri, Oct 31, 2008 at 1:21 PM, Chad La Joie <chad.lajoie at switch.ch>
> wrote:
> > Thanks.  We use Logback for a product with modestly large deployment.  I
> > have an audit log now but I'm not entirely happy with it.  Event-based
> > log entries would be a large step in the right direction.
> >
> > Anders Hammar wrote:
> >> Hi Chad,
> >>
> >> I'm sorry to say no, my customer doesn't share code. Especially not
> >> for this component. But due to the good design of logback this was
> >> very straight forward. As I said, I used logback-core and implemented
> >> a few classes on top of this. I found looking at how things were
> >> solved in logback-classic and logback-access very helpful. I ran into
> >> a few problems when extending some classes for our specific needs, but
> >> I filed jiras regarding that and I believe it has been fixed in
> >> 0.9.10/11.
> >>
> >> What I could do is sharing some kind of UML class diagram to show the
> >> idea. I'll look at that on Monday.
> >>
> >> /Anders
> >>
> >> On Fri, Oct 31, 2008 at 9:45 AM, Chad La Joie <chad.lajoie at switch.ch>
> wrote:
> >>> Hey Anders,
> >>>
> >>> Do you have any code that you could share that shows how you did the
> >>> event-based audit logging vs the standard level-based?
> >>>
> >>> Anders Hammar wrote:
> >>>> I was asked by Ceki to share my successful Logback story with you all.
> >>>>
> >>>> In a former assignment for one of our customers, we implemented an
> >>>> audit component. The customer is to use this component in their
> >>>> applications to audit end-user activities.
> >>>>
> >>>> In some earlier application specific audit implementations, log4j had
> >>>> been used. However, log4j (and pretty much all existing application
> >>>> logging frameworks that I looked at) has the notion of logging levels.
> >>>> For auditing (at least in this customer's case) we have actions/events
> >>>> which have no relation between them. So, having levels of debug, info,
> >>>> warn, etc isn't right but we rather have independent events.
> >>>> When I found Logback it was kind of love at first sight, the modular
> >>>> design fitted beautifully with what we wanted and we chose Logback
> >>>> (specifically logback-core) for our actual audit logging. We based
> >>>> this choice on two factors in specific:
> >>>> 1. The possibility of log on actions/events rather than levels (as
> >>>> above described)
> >>>> 2. The possiblity of having several independently configured logback
> >>>> instances. (This is not possible with log4j for instance, and as the
> >>>> customer's app server of choice uses log4j we would need to combine
> >>>> application logging and audit logging configuration - which is not
> >>>> good out of security perspective.)
> >>>>
> >>>> Also, the extensive documentation made my work easy to recommend the
> >>>> framework. As we all know, good documentation is not always the case
> >>>> in OSS. However, as mentioned on the mailing list earlier, the lack of
> >>>> a 1.0 release could have been a problem. However, Ceki's track record
> >>>> (with log4j) made me feel safe still going with Logback.
> >>>>
> >>>> As i personally strongly believe in OSS I normally participate and
> >>>> contribute to the community of the libs I use. However, working as a
> >>>> consultant I just can't be involved in everything and tend to only
> >>>> stay active as long as the assignment lasts (there are a few
> >>>> exceptions). Therefore I don't subscribe to this mailing list any
> >>>> longer, but I will monitor this thread so if you have any questions
> >>>> regarding my use case I'll be happy to answer them.
> >>>>
> >>>> /Anders
> >>>> _______________________________________________
> >>>> Logback-user mailing list
> >>>> Logback-user at qos.ch
> >>>> http://qos.ch/mailman/listinfo/logback-user
> >>> --
> >>> SWITCH
> >>> Serving Swiss Universities
> >>> --------------------------
> >>> Chad La Joie, Software Engineer, Net Services
> >>> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> >>> phone +41 44 268 15 75, fax +41 44 268 15 68
> >>> chad.lajoie at switch.ch, http://www.switch.ch
> >>>
> >>> _______________________________________________
> >>> Logback-user mailing list
> >>> Logback-user at qos.ch
> >>> http://qos.ch/mailman/listinfo/logback-user
> >>>
> >> _______________________________________________
> >> Logback-user mailing list
> >> Logback-user at qos.ch
> >> http://qos.ch/mailman/listinfo/logback-user
> >
> > --
> > SWITCH
> > Serving Swiss Universities
> > --------------------------
> > Chad La Joie, Software Engineer, Net Services
> > Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland
> > phone +41 44 268 15 75, fax +41 44 268 15 68
> > chad.lajoie at switch.ch, http://www.switch.ch
> >
> > _______________________________________________
> > Logback-user mailing list
> > Logback-user at qos.ch
> > http://qos.ch/mailman/listinfo/logback-user
> >
>
> _______________________________________________
> Logback-user mailing list
> Logback-user at qos.ch
> http://qos.ch/mailman/listinfo/logback-user
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://qos.ch/pipermail/logback-user/attachments/20081103/fe0a3df5/attachment.htm

More information about the Logback-user mailing list