如何防止使用logback进行日志轰炸? [英] How to prevent log bombing using logback?

问题描述

我不确定轰炸"一词是否正确.轰炸是指日志以相同的内容(消息和参数)多次发生.

I'm not sure the term "bombing" is the right one. By bombing, I mean a log happening many times with the same content (message and args).

例如，拒绝服务附加可能会导致日志警告，表明未经身份验证的用户正在尝试访问某些API.日志:

For example, a denial of service attach might cause a log warning that an unauthenticated user is trying to access some API. log:

[03-29 11:26:01.000] missing token
[03-29 11:26:01.001] missing token
[03-29 11:26:01.005] missing token
... overall 100000 times

我要解决的问题是防止日志过大.大小是个问题.另外，由于重复消息的数量过多，可能看不到其他重要消息.

The problem I'm trying to tackle is preventing the log from being very large. Size is a problem. Also, other important messages might not be seen because of the overwhelming number of the repeating message.

我希望能够防止此类日志爆炸，并提供一些汇总消息，例如:

I'd like to be able to prevent such a log bombing and have some aggregated message like:

[03-29 11:26:01.000] missing token
[03-29 11:26:06.000] missing token [silenced. Overall 100000 times]

所以，我在这里寻找2个功能:

So, I'm looking for 2 features here:

1. 使日志重复太长.
2. 显示沉寂日志的小结.

是否知道是否可以使用logback以及如何使用logback??也许其他日志记录工具可以支持此操作?谢谢.

Any idea if and how this can be done using logback? Perhaps another logging tool can support this? Thanks.

推荐答案

，它可以过滤出完全重复的邮件，可能符合您的第一个要求.当前，过滤器会在指定阈值后(通过allowedRepititions设置)停止所有重复消息，该阈值可能不可取.如果您希望对新邮件重设重复计数或基于时间.但是，它没有提供静默日志的摘要.

The DuplicateMessageFilter, which filters out exact duplicate messages, might fit your first requirement. Currently, the filter stops all duplicate messages after a specified threshold (via allowedRepititions setting), which might not be desirable. You would have to extend the filter if you preferred to have the duplicate-count to reset on new messages or based on time. It does not provide a summary of silenced logs, however.

示例登录配置:

<configuration>

  <turboFilter class="ch.qos.logback.classic.turbo.DuplicateMessageFilter" allowedRepetitions="2"/>

  <appender name="console" class="ch.qos.logback.core.ConsoleAppender">
    <encoder>
      <pattern>%date [%thread] %-5level %logger - %msg%n</pattern>
    </encoder>
  </appender>

  <root level="INFO">
    <appender-ref ref="console" />
  </root>  
</configuration>

这篇关于如何防止使用logback进行日志轰炸?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！