[
https://issues.apache.org/jira/browse/LOG4J2-2665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16894908#comment-16894908
]
Joubin Jabbari commented on LOG4J2-2665:
----------------------------------------
[~rgoers], I think this only solves non-unique events to the application. Where
this breaks down is in very large organizations, or even organizations where
the software wasn't written in-house. To be honest with you, reading that log
message proves my point.
I didn't read the manual as you can't expect Incident Responders to read
manuals of hundreds of logging libraries their organization could use. So here
is what I can take from that log message.
At some time, some http call was made with a given request id, given a session
id that corresponded to a given user from some IP address and it had some
account. But I don't know why that was even logged. Is it important that they
made a request? Why INFO and not DEBUG? Honestly, to a responder, that log
message is more noise than it is helpful.
> Incident Response Improvement for Log4J
> ---------------------------------------
>
> Key: LOG4J2-2665
> URL: https://issues.apache.org/jira/browse/LOG4J2-2665
> Project: Log4j 2
> Issue Type: Improvement
> Components: API
> Affects Versions: 2.12.0
> Reporter: Joubin Jabbari
> Priority: Major
>
> Issue:
> Logging something to a file only solves half of the problem. The log needs to
> be readable and distinguishable by auditors and responders.
> This is a proposal to add an optional feature for the instantiation and
> compile process of the logger.
>
> # Allow for a description parameter for each log statement.
> # When the description is filled out, log events that correspond to that
> description are given a hash number that matches the hash of the description
> # The descriptions of said log are extracted and paired with their hash into
> a "log description file" during the compile process
> Example:
> Previous Logging Method
> {code:java}
> logger.info(user.id + " was able to login")
> {code}
> Proposed change
> {code:java}
> logger.info(user.id + " was able to login", description="This log event appears right after every user logs in")
> {code}
> Log File example
> Previous:
> {code:java}
> user132 was able to login
> {code}
> Proposed:
> {code:java}
> c58868be25f925102364ba7cf15b4fbcca5d3f11: user132 was able to login
> {code}
> Proposed log file description file generated during compile time:
> {code:java}
> c58868be25f925102364ba7cf15b4fbcca5d3f11: This log event appears right after every user logs in
> {code}
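The scheme proposed in the quoted issue, worked through as an added example (not code from Log4j or from the reporter): a logger that prefixes each described event with the hash of its description, and the responder-side lookup against the description file, including the case of an id the file does not contain. Assumptions: the names `DescribedLogger`, `event_id`, `load_catalog` and `annotate` are hypothetical, the hash is taken to be SHA-1 because the issue's sample id is 40 hex digits, and the catalog is built at run time here rather than at compile time.

```python
import hashlib
import re

def event_id(description):
    # Assumption: SHA-1 hex digest of the description text. The issue shows a
    # 40-hex-digit id but does not name the hash function.
    return hashlib.sha1(description.encode("utf-8")).hexdigest()

class DescribedLogger:
    """Hypothetical stand-in for the proposed logger.info(msg, description=...)."""

    def __init__(self):
        self.lines = []    # emitted log lines
        self.catalog = {}  # id -> description; the issue builds this at compile time

    def info(self, message, description=None):
        # Escape line breaks so logged data cannot forge a second id-prefixed line.
        message = message.replace("\r", "\\r").replace("\n", "\\n")
        if description is None:  # the feature is optional
            self.lines.append(message)
            return
        eid = event_id(description)
        self.catalog[eid] = description
        self.lines.append(f"{eid}: {message}")

    def description_file(self):
        return "\n".join(f"{eid}: {text}" for eid, text in sorted(self.catalog.items()))

ENTRY = re.compile(r"^([0-9a-f]{40}): (.*)$")

def load_catalog(text):
    # Parse "id: description" lines back into a lookup table.
    return dict(m.groups() for m in map(ENTRY.match, text.splitlines()) if m)

def annotate(log_line, catalog):
    """Responder side: return (message, description), description None if unknown."""
    m = ENTRY.match(log_line)
    if not m:
        return log_line, None
    return m.group(2), catalog.get(m.group(1))

def demo():
    log = DescribedLogger()
    # Constructed sample events, modelled on the issue's "user132" line.
    log.info("user132 was able to login",
             description="This log event appears right after every user logs in")
    log.info("cache warmed")  # no description: line is written unchanged
    catalog = load_catalog(log.description_file())
    return [annotate(line, catalog) for line in log.lines]
```

A line whose id is missing from the description file comes back with `None`, which tells the responder the file and the running build are out of step.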