[
https://issues.apache.org/jira/browse/LOG4J2-1350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steffen Offermann updated LOG4J2-1350:
--------------------------------------
Description:
We have encountered the following situation: A method in an application thread
was recursively calling itself again and again, until the inevitable
{{StackOverflowException}} occurred. Other application threads worked fine, but
since we use asynchronous logging, the Log4j ring buffer ran full because of
the thread that was running amok. As a consequence none of the other threads
could issue any log messages any more.
In production systems we MUST be able to see log messages, otherwise we have
hardly a means to tell when something goes wrong and to discover problems like
this.
So my suggestion would be to add a circuit breaker pattern to the Log4j core
system (unless there already is one that I'm not aware of), that would track
the frequency of log events per thread and open once a dangerous threshold has
been reached or exceeded. That way other threads would still be able to send
log events once the ring buffer is free again.
was:
We have encountered the following situation: A method in an application thread
was recursively calling itself again and again, until the inevitable
{{StackOverflowException}} occurred. Other application threads worked fine, but
since we use asynchronous logging, the Log4j ringbuffer ran full because of the
thread that was running amok. As a consequence none of the other threads could
issue any log messages any more.
In production systems we MUST be able to see log messages, otherwise we have
hardly a means to tell when something goes wrong and to discover problems like
this.
So my suggestion would be to add a circuit breaker pattern to the Log4j core
system (unless there already is one that I'm not aware of), that would track
the frequency of log events per thread and open once a dangerous threshold has
been reached or exceeded. That way other threads would still be able to send
log events once the ring buffer is free again.
> Circuit Breaker for log system to avoid DOS by recursion
> --------------------------------------------------------
>
> Key: LOG4J2-1350
> URL: https://issues.apache.org/jira/browse/LOG4J2-1350
> Project: Log4j 2
> Issue Type: Improvement
> Components: Core
> Affects Versions: 2.5
> Reporter: Steffen Offermann
>
> We have encountered the following situation: A method in an application
> thread was recursively calling itself again and again, until the inevitable
> {{StackOverflowException}} occurred. Other application threads worked fine,
> but since we use asynchronous logging, the Log4j ring buffer ran full because
> of the thread that was running amok. As a consequence none of the other
> threads could issue any log messages any more.
> In production systems we MUST be able to see log messages, otherwise we have
> hardly a means to tell when something goes wrong and to discover problems
> like this.
> So my suggestion would be to add a circuit breaker pattern to the Log4j core
> system (unless there already is one that I'm not aware of), that would track
> the frequency of log events per thread and open once a dangerous threshold
> has been reached or exceeded. That way other threads would still be able to
> send log events once the ring buffer is free again.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
