logging-log4j-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Bryan Krol <bryan.k...@technergetics.com>
Subject Questions on submitting changes to the Log4j2 code base
Date Fri, 08 Jan 2016 16:13:51 GMT
Hello all,

As part of some other work I have been doing, our team has decided that it
would be worth extending the Log4j2 library in such a way as to better
support logging of security events.  We also thought what we did would be
of interest to the larger Apache community, mostly because the need for
application-level security auditing is growing to help mitigate the
increase of application security incidents. In order to facilitate better
auditing practices, developers now have a need to include better security
logging practices in the development process.  Application logs provide
valuable data for:

   -

   Identifying security threats
   -

   Monitoring policy violations
   -

   Providing details about problems and unusual conditions
   -

   Contributing application-specific data for auditing which is lacking in
   other sources
   -

   Helping defend against vulnerability identification and exploitation
   through attack detection.

‚ÄčI have attached a document that more thoroughly explains what we have done
and what "problems" we were looking to solve with our changes.
I am looking for some guidance on how I should go about submitting these
changes back to the Apache Log4j 2.x team for inclusion in the code base. I
have implemented both the functionality and the appropriate JUnit code for
testing of the additions.

If anyone could respond with some information to help, I would greatly
appreciate it.

Thank you,

-- 
Bryan Krol
Software Engineer
Technergetics, LLC
bryan.krol@technergetics.com
Phone: (315) 271-2096
Fax: (886) 307-4382

Mime
View raw message