[jira] [Work logged] (KNOX-1462) Migrate from Log4j 1.x to 2.x

[ASF GitHub Bot (Jira)]

     [ 
https://issues.apache.org/jira/browse/KNOX-1462?focusedWorklogId=651526&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-651526
 ]

ASF GitHub Bot logged work on KNOX-1462:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 16/Sep/21 08:19
            Start Date: 16/Sep/21 08:19
    Worklog Time Spent: 10m 
      Work Description: zeroflag opened a new pull request #488:
URL: https://github.com/apache/knox/pull/488


   ## What changes were proposed in this pull request?
   
   Due to security vulnerabilities and lack of maintenance log4j1 is replaced 
to log4j2. The two versions are incompatible with each other internally and on 
API level as well. 
   
   The following changes were added:
   
   * Package, class and method names are replaced to reflect then API changes 
   * There is no MDC in log4j2. It is called ThreadContext and it only allows 
storing key value pair (String,String). Hence the additional `attachContext()` 
calls.
   * Config file syntax is different and there is no `PropertyConfigurator` in 
log4j2. Config files are replaced to XML files.
   * Custom `Appenders` are replaced to plugins.
   
   ## How was this patch tested?
   
   Checked maven dependencies:
   
   ```
   $ mvn dependency:tree | grep log4j:log4j:jar
   $ 
   ```
   
   Checked log rotation:
   
   ```
   $ ls -al logs/gateway-audit.log*
   -rw-r--r--  1 amagyar  staff   7065 Sep 11  2021 logs/gateway-audit.log
   -rw-r--r--  1 amagyar  staff  10643 Sep  9 15:24 
logs/gateway-audit.log.2021-09-09
   -rw-r--r--  1 amagyar  staff   9222 Sep 10  2021 
logs/gateway-audit.log.2021-09-10
   
   $ ls -al logs/gateway.log*
   -rw-r--r--  1 amagyar  staff   2741 Sep 11  2021 logs/gateway.log
   -rw-r--r--  1 amagyar  staff  18005 Sep  9 15:24 logs/gateway.log.2021-09-09
   -rw-r--r--  1 amagyar  staff   1556 Sep 10  2021 logs/gateway.log.2021-09-10
   ```
   
   Checked the gateway.log + gateway-audit.log formats as well as the logs of 
the ldap server and knoxcli.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


Issue Time Tracking
-------------------

    Worklog Id:     (was: 651526)
    Time Spent: 6h 40m  (was: 6.5h)

> Migrate from Log4j 1.x to 2.x
> -----------------------------
>
>                 Key: KNOX-1462
>                 URL: https://issues.apache.org/jira/browse/KNOX-1462
>             Project: Apache Knox
>          Issue Type: Improvement
>            Reporter: Kevin Risden
>            Assignee: Attila Magyar
>            Priority: Blocker
>             Fix For: 2.0.0
>
>          Time Spent: 6h 40m
>  Remaining Estimate: 0h
>
> Assigning to version 1.2.0 to have a discussion about it.
> Log4j 1.x went EOL in August 2015. JDK 9+ support (KNOX-1458) will require 
> Log4j 2 since Knox uses MDC for all the audit logging. More details about the 
> issue and migration are found here:
>  * [https://blogs.apache.org/logging/entry/moving_on_to_log4j_2]
>  * [https://logging.apache.org/log4j/2.x/manual/migration.html]
> Items of "concern"
>  * MDC migrate to ThreadContext
>  * log4j.properties need to migrate to log4j2.xml (or yaml or json)
> Benefits
>  * Async logging
>  * Dynamic reloading of configuration changes



--
This message was sent by Atlassian Jira
(v8.3.4#803005)