It would be nice to know what is in your AuditEvent. I suspect that is where our implementations differ.<br><br><div class="gmail_quote">On Sun, Nov 2, 2008 at 11:42 AM, Anders Hammar <span dir="ltr"><<a href="mailto:anders@hammar.net">anders@hammar.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
<br>
Attached is a UML class diagram of the basics of the audit logger<br>
implementation utilizing Logback. As you can see it's not very<br>
complicated. What I have left out is most of the Joran configuration<br>
parts (you don't need to use Joran for configuration if you don't want<br>
to) and our extension of PatternLayoutBase (which uses a bunch of<br>
Converters specific to our case).<br>
<br>
Once again, have a look at logback-access for instance and it<br>
shouldn't be to hard to figure out.<br>
<font color="#888888"><br>
/Anders<br>
</font><div><div></div><div class="Wj3C7c"><br>
On Fri, Oct 31, 2008 at 1:21 PM, Chad La Joie <chad.lajoie@switch.ch> wrote:<br>
> Thanks. We use Logback for a product with modestly large deployment. I<br>
> have an audit log now but I'm not entirely happy with it. Event-based<br>
> log entries would be a large step in the right direction.<br>
><br>
> Anders Hammar wrote:<br>
>> Hi Chad,<br>
>><br>
>> I'm sorry to say no, my customer doesn't share code. Especially not<br>
>> for this component. But due to the good design of logback this was<br>
>> very straight forward. As I said, I used logback-core and implemented<br>
>> a few classes on top of this. I found looking at how things were<br>
>> solved in logback-classic and logback-access very helpful. I ran into<br>
>> a few problems when extending some classes for our specific needs, but<br>
>> I filed jiras regarding that and I believe it has been fixed in<br>
>> 0.9.10/11.<br>
>><br>
>> What I could do is sharing some kind of UML class diagram to show the<br>
>> idea. I'll look at that on Monday.<br>
>><br>
>> /Anders<br>
>><br>
>> On Fri, Oct 31, 2008 at 9:45 AM, Chad La Joie <chad.lajoie@switch.ch> wrote:<br>
>>> Hey Anders,<br>
>>><br>
>>> Do you have any code that you could share that shows how you did the<br>
>>> event-based audit logging vs the standard level-based?<br>
>>><br>
>>> Anders Hammar wrote:<br>
>>>> I was asked by Ceki to share my successful Logback story with you all.<br>
>>>><br>
>>>> In a former assignment for one of our customers, we implemented an<br>
>>>> audit component. The customer is to use this component in their<br>
>>>> applications to audit end-user activities.<br>
>>>><br>
>>>> In some earlier application specific audit implementations, log4j had<br>
>>>> been used. However, log4j (and pretty much all existing application<br>
>>>> logging frameworks that I looked at) has the notion of logging levels.<br>
>>>> For auditing (at least in this customer's case) we have actions/events<br>
>>>> which have no relation between them. So, having levels of debug, info,<br>
>>>> warn, etc isn't right but we rather have independent events.<br>
>>>> When I found Logback it was kind of love at first sight, the modular<br>
>>>> design fitted beautifully with what we wanted and we chose Logback<br>
>>>> (specifically logback-core) for our actual audit logging. We based<br>
>>>> this choice on two factors in specific:<br>
>>>> 1. The possibility of log on actions/events rather than levels (as<br>
>>>> above described)<br>
>>>> 2. The possiblity of having several independently configured logback<br>
>>>> instances. (This is not possible with log4j for instance, and as the<br>
>>>> customer's app server of choice uses log4j we would need to combine<br>
>>>> application logging and audit logging configuration - which is not<br>
>>>> good out of security perspective.)<br>
>>>><br>
>>>> Also, the extensive documentation made my work easy to recommend the<br>
>>>> framework. As we all know, good documentation is not always the case<br>
>>>> in OSS. However, as mentioned on the mailing list earlier, the lack of<br>
>>>> a 1.0 release could have been a problem. However, Ceki's track record<br>
>>>> (with log4j) made me feel safe still going with Logback.<br>
>>>><br>
>>>> As i personally strongly believe in OSS I normally participate and<br>
>>>> contribute to the community of the libs I use. However, working as a<br>
>>>> consultant I just can't be involved in everything and tend to only<br>
>>>> stay active as long as the assignment lasts (there are a few<br>
>>>> exceptions). Therefore I don't subscribe to this mailing list any<br>
>>>> longer, but I will monitor this thread so if you have any questions<br>
>>>> regarding my use case I'll be happy to answer them.<br>
>>>><br>
>>>> /Anders<br>
>>>> _______________________________________________<br>
>>>> Logback-user mailing list<br>
>>>> Logback-user@qos.ch<br>
>>>> <a href="http://qos.ch/mailman/listinfo/logback-user" target="_blank">http://qos.ch/mailman/listinfo/logback-user</a><br>
>>> --<br>
>>> SWITCH<br>
>>> Serving Swiss Universities<br>
>>> --------------------------<br>
>>> Chad La Joie, Software Engineer, Net Services<br>
>>> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland<br>
>>> phone +41 44 268 15 75, fax +41 44 268 15 68<br>
>>> chad.lajoie@switch.ch, <a href="http://www.switch.ch" target="_blank">http://www.switch.ch</a><br>
>>><br>
>>> _______________________________________________<br>
>>> Logback-user mailing list<br>
>>> Logback-user@qos.ch<br>
>>> <a href="http://qos.ch/mailman/listinfo/logback-user" target="_blank">http://qos.ch/mailman/listinfo/logback-user</a><br>
>>><br>
>> _______________________________________________<br>
>> Logback-user mailing list<br>
>> Logback-user@qos.ch<br>
>> <a href="http://qos.ch/mailman/listinfo/logback-user" target="_blank">http://qos.ch/mailman/listinfo/logback-user</a><br>
><br>
> --<br>
> SWITCH<br>
> Serving Swiss Universities<br>
> --------------------------<br>
> Chad La Joie, Software Engineer, Net Services<br>
> Werdstrasse 2, P.O. Box, 8021 Zürich, Switzerland<br>
> phone +41 44 268 15 75, fax +41 44 268 15 68<br>
> chad.lajoie@switch.ch, <a href="http://www.switch.ch" target="_blank">http://www.switch.ch</a><br>
><br>
> _______________________________________________<br>
> Logback-user mailing list<br>
> Logback-user@qos.ch<br>
> <a href="http://qos.ch/mailman/listinfo/logback-user" target="_blank">http://qos.ch/mailman/listinfo/logback-user</a><br>
><br>
</div></div><br>_______________________________________________<br>
Logback-user mailing list<br>
Logback-user@qos.ch<br>
<a href="http://qos.ch/mailman/listinfo/logback-user" target="_blank">http://qos.ch/mailman/listinfo/logback-user</a><br>
<br></blockquote></div><br>