[ https://issues.apache.org/jira/browse/LOG4J2-2665?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16894908#comment-16894908 ]
Joubin Jabbari commented on LOG4J2-2665: ---------------------------------------- [~rgoers], I think this only solves non-unique events to the application. Where this breaks down is in very large organizations, or even organizations where the software wasn't written in-house. To be honest with you, reading that log message proves my point. I didn't read the manual as you can't expect Incident Responders to read manuals of hundreds of logging libraries their organization could use. So here is what I can take from that log message. At some time, some http call was made with a given request it, given a session id that corresponded to the a given user from some IP address and it had some account. But I don't know why that was even logged. Is it important that they made a request? Why INFO and not DEBUG? Honestly, to a responder, that log message is more noise than it is helpful. > Incident Response Improvement for Log4J > --------------------------------------- > > Key: LOG4J2-2665 > URL: https://issues.apache.org/jira/browse/LOG4J2-2665 > Project: Log4j 2 > Issue Type: Improvement > Components: API > Affects Versions: 2.12.0 > Reporter: Joubin Jabbari > Priority: Major > > Issue: > Logging something to a file only solves half of the problem. The log needs to > readable and distinguishable by auditors and responders. > This is a proposal to add a optional feature for the instantiation and > compile process of the logger. > > # Allow for a description parameter for each log statement. > # When the description is filled out, log events that correspond to that > description are given a hash number that match the hash of the description > # The descriptions of said log are extracted and paired with their hash into > a "log description file" during the compile process > Example: > Previous Logging Method > {code:java} > logger.info(user.id + " was able to login") > {code} > Proposed change > {code:java} > logger.info(user.id + " was able to login", description="This log event > appears right after every user logs in"){code} > Log File example > Previous: > {code:java} > user132 was able to login > {code} > Proposed: > {code:java} > c58868be25f925102364ba7cf15b4fbcca5d3f11: user132 was able to login > {code} > Proposed log file description file generated during compile time: > {code:java} > c58868be25f925102364ba7cf15b4fbcca5d3f11: This log event appears right after > every user logs in{code} > > > -- This message was sent by Atlassian JIRA (v7.6.14#76016)