[ https://issues.apache.org/jira/browse/KNOX-1462?focusedWorklogId=651526&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-651526 ]
ASF GitHub Bot logged work on KNOX-1462: ---------------------------------------- Author: ASF GitHub Bot Created on: 16/Sep/21 08:19 Start Date: 16/Sep/21 08:19 Worklog Time Spent: 10m Work Description: zeroflag opened a new pull request #488: URL: https://github.com/apache/knox/pull/488 ## What changes were proposed in this pull request? Due to security vulnerabilities and lack of maintenance log4j1 is replaced to log4j2. The two versions are incompatible with each other internally and on API level as well. The following changes were added: * Package, class and method names are replaced to reflect then API changes * There is no MDC in log4j2. It is called ThreadContext and it only allows storing key value pair (String,String). Hence the additional `attachContext()` calls. * Config file syntax is different and there is no `PropertyConfigurator` in log4j2. Config files are replaced to XML files. * Custom `Appenders` are replaced to plugins. ## How was this patch tested? Checked maven dependencies: ``` $ mvn dependency:tree | grep log4j:log4j:jar $ ``` Checked log rotation: ``` $ ls -al logs/gateway-audit.log* -rw-r--r-- 1 amagyar staff 7065 Sep 11 2021 logs/gateway-audit.log -rw-r--r-- 1 amagyar staff 10643 Sep 9 15:24 logs/gateway-audit.log.2021-09-09 -rw-r--r-- 1 amagyar staff 9222 Sep 10 2021 logs/gateway-audit.log.2021-09-10 $ ls -al logs/gateway.log* -rw-r--r-- 1 amagyar staff 2741 Sep 11 2021 logs/gateway.log -rw-r--r-- 1 amagyar staff 18005 Sep 9 15:24 logs/gateway.log.2021-09-09 -rw-r--r-- 1 amagyar staff 1556 Sep 10 2021 logs/gateway.log.2021-09-10 ``` Checked the gateway.log + gateway-audit.log formats as well as the logs of the ldap server and knoxcli. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking ------------------- Worklog Id: (was: 651526) Time Spent: 6h 40m (was: 6.5h) > Migrate from Log4j 1.x to 2.x > ----------------------------- > > Key: KNOX-1462 > URL: https://issues.apache.org/jira/browse/KNOX-1462 > Project: Apache Knox > Issue Type: Improvement > Reporter: Kevin Risden > Assignee: Attila Magyar > Priority: Blocker > Fix For: 2.0.0 > > Time Spent: 6h 40m > Remaining Estimate: 0h > > Assigning to version 1.2.0 to have a discussion about it. > Log4j 1.x went EOL in August 2015. JDK 9+ support (KNOX-1458) will require > Log4j 2 since Knox uses MDC for all the audit logging. More details about the > issue and migration are found here: > * [https://blogs.apache.org/logging/entry/moving_on_to_log4j_2] > * [https://logging.apache.org/log4j/2.x/manual/migration.html] > Items of "concern" > * MDC migrate to ThreadContext > * log4j.properties need to migrate to log4j2.xml (or yaml or json) > Benefits > * Async logging > * Dynamic reloading of configuration changes -- This message was sent by Atlassian Jira (v8.3.4#803005)