I'm curious whether you looked at the existing capabilities in log4j2 to inject markers or context into your event?  With a Marker, you can trace and filter events, as you can also do with the thread context.


On Fri, Jan 8, 2016 at 11:13 AM, Bryan Krol <bryan.krol@technergetics.com> wrote:
Hello all,

As part of some other work I have been doing, our team has decided that it would be worth extending the Log4j2 library in such a way as to better support logging of security events.  We also thought what we did would be of interest to the larger Apache community, mostly because the need for application-level security auditing is growing to help mitigate the increase of application security incidents. In order to facilitate better auditing practices, developers now have a need to include better security logging practices in the development process.  Application logs provide valuable data for:

  • Identifying security threats

  • Monitoring policy violations

  • Providing details about problems and unusual conditions

  • Contributing application-specific data for auditing which is lacking in other sources

  • Helping defend against vulnerability identification and exploitation through attack detection.

I have attached a document that more thoroughly explains what we have done and what "problems" we were looking to solve with our changes.
I am looking for some guidance on how I should go about submitting these changes back to the Apache Log4j 2.x team for inclusion in the code base. I have implemented both the functionality and the appropriate JUnit code for testing of the additions.

If anyone could respond with some information to help, I would greatly appreciate it.

Thank you,

Bryan Krol
Software Engineer
Technergetics, LLC
Fax: (886) 307-4382
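
The Marker and thread-context capabilities mentioned in the reply at the top of this thread, shown as an added example (not code from either participant or from the Log4j project). The marker names, context keys, appender name and sample values are constructed; it assumes log4j-api and log4j-core 2.4 or later on the classpath.

```java
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.apache.logging.log4j.Marker;
import org.apache.logging.log4j.MarkerManager;
import org.apache.logging.log4j.ThreadContext;
import org.apache.logging.log4j.core.Filter;
import org.apache.logging.log4j.core.config.Configurator;
import org.apache.logging.log4j.core.config.builder.api.ConfigurationBuilder;
import org.apache.logging.log4j.core.config.builder.api.ConfigurationBuilderFactory;
import org.apache.logging.log4j.core.config.builder.impl.BuiltConfiguration;

public class SecurityAuditDemo {
    // Constructed marker hierarchy: AUTH_FAILURE is a child of SECURITY,
    // so a filter on SECURITY also accepts AUTH_FAILURE events.
    static final Marker SECURITY = MarkerManager.getMarker("SECURITY");
    static final Marker AUTH_FAILURE =
            MarkerManager.getMarker("AUTH_FAILURE").setParents(SECURITY);

    public static void main(String[] args) {
        // Console appender that keeps only events carrying the SECURITY marker
        // (or a child of it) and prints the thread-context fields with each one.
        ConfigurationBuilder<BuiltConfiguration> b =
                ConfigurationBuilderFactory.newConfigurationBuilder();
        b.add(b.newAppender("audit", "Console")
                .add(b.newLayout("PatternLayout").addAttribute("pattern",
                        "%d{ISO8601} %-5level [%marker] user=%X{user} ip=%X{remoteIp} %msg%n"))
                .add(b.newFilter("MarkerFilter", Filter.Result.ACCEPT, Filter.Result.DENY)
                        .addAttribute("marker", "SECURITY")));
        b.add(b.newRootLogger(Level.INFO).add(b.newAppenderRef("audit")));
        // Install the configuration before the first logger is requested.
        Configurator.initialize(b.build());
        Logger log = LogManager.getLogger(SecurityAuditDemo.class);

        // Per-request context (constructed values); attached to every event
        // logged on this thread until it is cleared.
        ThreadContext.put("user", "alice");
        ThreadContext.put("remoteIp", "192.0.2.10");
        try {
            log.info("cache warmed");                        // no marker: denied by the filter
            log.warn(AUTH_FAILURE, "login rejected after {} attempts", 5);
            log.info(SECURITY, "role changed to {}", "admin");
        } finally {
            ThreadContext.clearMap();  // avoid leaking identity onto pooled threads
        }
    }
}
```

Context values such as a user name usually originate from the request, so an audit layout should escape line breaks in them before they reach the log.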
