logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Remko Popma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (LOG4J2-1350) Circuit Breaker for log system to avoid DOS by recursion
Date Mon, 04 Apr 2016 07:51:25 GMT

    [ https://issues.apache.org/jira/browse/LOG4J2-1350?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15223790#comment-15223790
] 

Remko Popma commented on LOG4J2-1350:
-------------------------------------

Perhaps some of the work done for LOG4J2-1080 will give you the building blocks to implement
a custom circuit breaker. (Note that this is not in 2.5 but will be included in 2.6.)

How does this work:
Async Loggers will try to publish a log event to the ring buffer, but if the ring buffer is
full, it will consult the configured {{AsyncEventRouter}} whether to discard the event, log
it synchronously or enqueue it (block until a space in the ring buffer becomes available).

You can install a custom {{AsyncEventRouter}} by specifying the fully qualified class name
of a custom class implementing the {{org.apache.logging.log4j.core.async.AsyncEventRouter}}
interface for system property {{log4j2.AsyncEventRouter}}. (See AsyncEventRouterFactory).

> Circuit Breaker for log system to avoid DOS by recursion
> --------------------------------------------------------
>
>                 Key: LOG4J2-1350
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-1350
>             Project: Log4j 2
>          Issue Type: Improvement
>          Components: Core
>    Affects Versions: 2.5
>            Reporter: Steffen Offermann
>
> We have encountered the following situation: A method in an application thread was recursively
calling itself again and again, until the inevitable {{StackOverflowException}} occurred.
Other application threads worked fine, but since we use asynchronous logging, the Log4j ring
buffer ran full because of the thread that was running amok. As a consequence none of the
other threads could issue any log messages any more. 
> In production systems we MUST be able to see log messages, otherwise we have hardly a
means to tell when something goes wrong and to discover problems like this. 
> So my suggestion would be to add a circuit breaker pattern to the Log4j core system (unless
there already is one that I'm not aware of), that would track the frequency of log events
per thread and open once a dangerous threshold has been reached or exceeded. That way other
threads would still be able to send log events once the ring buffer is free again.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: log4j-dev-unsubscribe@logging.apache.org
For additional commands, e-mail: log4j-dev-help@logging.apache.org


Mime
View raw message