Maybe you can add a custom layout [1] plugin component [2]? I guess you can set a custom layout in appender configuration. [3] The layout seems responsible for producing final buffer to the output medium in the end.
HTH, Woonsan [1] http://logging.apache.org/log4j/2.x/manual/extending.html#Layouts [2] http://logging.apache.org/log4j/2.x/manual/plugins.html [3] http://logging.apache.org/log4j/2.x/manual/configuration.html >________________________________ > From: kommersz <[email protected]> >To: [email protected] >Sent: Thursday, August 8, 2013 4:12 AM >Subject: Log Forgery and log4j > > > > Ladies and Gentleman, > >Recently I came across an issue with Log Forgery >(http://cwe.mitre.org/data/definitions/117.html) - a problem where line feed >characters passed over to logging results in extra log entries created when >simple file-based logging is used. >Checked briefly with log4j appenders, also the mailing list, but found no >methods of protection against it. > >So now if a "\r\n" is added, it can result in two log entries, e.g. with >FileAppender. Not being black belt in log4j, however, it might happen that I >overlooked something. So any hints? > >Cheers, >Gabor > >P.s.: Googling "log4j log forgery" brings >http://www.jtmelton.com/2010/09/21/preventing-log-forging-in-java/ as a >result, which suggests a wrapper, utilizing ESAPI functions to sanitize... - >this also raises the question, if it is really the supported way of fixing >this issue by always wrapping log4j into another API before using? > > > > >
