I am trying to use Log4J in my application, but my problem is that the machine where I want to run this app has not given me write permissions to the local drive. But Log4J is not throwing any errors, it simply skips the logging.
So what I want to do is write some code in which if Log4J cannot write to the local file system it will return some feedback/message in my app. Is there a way to tell if Log4J can write to the local filesystem, from Log4J itself? Or is there any way that I determine how many words Log4J has written into its log file in each operation? It's so then I could determine whether or not logging was actually occurring and then take appropriate action.
have you read the FAQ
Quote from the site
No. log4j is not reliable. It is a best-effort fail-stop logging
system.
By fail-stop, we mean that log4j will not throw unexpected exceptions
at run-time potentially causing your application to crash. If for any
reason, log4j throws an uncaught exception, please send an email to
the log4j-user#logging.apache.org mailing list. Uncaught exceptions
are handled as serious bugs requiring immediate attention.
I prefer my application continue even if logging fails.
What you described is possibly a function of 'application monitoring'. There are many tools to see if particular file system is getting full or a directory/file not changed for a while etc.
Having said that, you can do basic checks at the very beginning of application - like permissions to create file in the directory meant for logging.
Related
I was just curious to know the difference between normal file write and logging. Of course logging is used to record exceptions, errors, installation details and other important data. But this can be done using a normal file write also. I've seen logging use locks for resource sharing (in java). Other than that is there any particular or very important reason behind using logging?
Logging is writing data to some stream to keep a record of events that occur in an application. Note that you don't necessarily have to log to a file. You can log to a console, for example.
Some applications require an "Audit Log" of user activity in the system. This is a case where logging is fulfilling a very specific business requirement.
Note you can write to a file and NOT be logging. If you use the presence of a file to create a lock for a process, for example, you have written to a file, but you are not logging.
In general though, logging is just writing event data somewhere. "started up", "entered method x", "exception occurred" are all events. I think that really what defines a "log" vs a file with different semantics.
Writing to a file is one possibility of doing logging. Logging is a more general term for something like "save important events for later use". If you look at logging frameworks, you see that they allow you to write to a file as one option. But they provide you with more configuration options like logging levels, different logging sinks etc. One could of course implement this on its own by writing certain information to file.
Logging means appending to a file. With write you can override previous data, by appending you can't. It's just my way of thinking.
When I run Fortify Scan on my project i do see that i'm logging the exceptions using
LOGGER.error(e.getMessage(),e);
and it says this is not the right way because attckers may get access to this info and get system info from this and plan an attack.
What is the best way to do this?(without compramising on the security)?
That reasoning is frankly ridiculous in most cases. Your LOGGER object should be writing to the local filesystem, and if a remote attacker can access your filesystem you've got way bigger problems.
Restrict access to your log files as appropriate, and then log to your heart's content.
You could switch logging off in production, but this would make you great disadvantage when the final user would report error and you would have no idea what had happened.
You should treat your logs as critical data and protect access to them on operating system level, such as access to database files. If attacker would access the database, he would compromise the system anyway. At best only the system admin should have access to log files, and should give them to developers only when needed (critical error on production etc.).
I am bit confused so, thought to ask experts.
I have written small java application. I have function which reads properties files which contains the path of the directory where to write the log and exceptions. Lets say I get exception while reading the properties file since logger wouldn't have been initialized by that time, how can I know that there was an error or exception? If I have written e.printStackTrace() in catch block where it will be printed? I am running this application through windows scheduler.
Thanks for advice.
BR
SC
Forget about Log4j. That was useful when logging capabilites were not embbeded inside JRE itself. You can configure the logging properties by a means of a logging.properties file (which is provided at JVM start point). Inside the application you can log messages with different levels of severity with or without nested exceptions.
Here is a useful page with example of basic configuration and logging capabilites use.
Use log4j configure it [here it will configure it self by using log4j.properties or .xml from the classpath ] , initialize it in app startup and use it app wide.
If you want to know for sure that the exception was thrown, don't catch it :) The printStackTrace() writes to stderr. You could run your app though console to read it. If you want to log no matter what without any config or extra libs, you can use java-util.logging which is bundled with the jdk and writes to stdout by default
Or will this generate an error? I just wanted to know if this were possible before I put forth the effort to implement this behavior into my application. Sorry for the naivety...
Note: I'm using log4j for logging, and by 'opening a log file programmatically', I mean through a GUI component, such as a button.
I never used log4j but used log4net a lot (its .NET counterpart). You can set your log's lockingModel to Minimal-lock to have your log file locked only when the logger is actually writing to it. At that point you can read from it without preventing your logger from writing if you make sure your application doesn't itself obtain an exclusive lock on the file.
It is platform dependent. On Linux / UNIX it is likely to work, but I believe that Windows uses file locking by default and this may cause problems.
The best approach is to do some simple experiments on your implementation platform.
I have made a java application and wants to generate log files so whenever my client would encounter some problem, he can deliver me those log files so that I can correct my code accordingly.
Kindly provide me a small sample program that writes a statement to a log file. Kindly mention the .class files you are using with their full import statements.
The application is multi-threaded so Is it better to generate separate log files for each thread or not?
Is it better to clear all previous log files before starting the program?
macleojw is correct: You should try writing the code yourself.
Here is an overview of the Java logging framework that ships with the JDK. You may wish to check out Commons Logging and Log4J.
Regarding the second part of your question (which was editted out for some reason) I would recommend having all threads log to the same file but logging the thread name along with the log message allowing you to grep the file for a specific thread if required. Also, with most logging frameworks you can configure them to maintain a rolling window of the last N log files rather than explicitly deleting old files when an application starts.
Apache Log4j does everything you require. I hope that you can figure out how to use it on your own.
Take a look at Log4j, and specifically this set of step-by-step examples. It's pretty trivial.