Secure / Encrypt log4j files


Problem description


I have a problem; a security requirement. I have a Java Swing app that has log files generated with log4j for support issues, in case of tracking a bug.

I have to encrypt/cipher/secure the files so the client can't open them and see them (at least not in a human-readable way), and at the same time, when the support tech team takes these files, they will know how to read (decrypt) them.

I did a lot of searching and I tried the best option I found, which is to build a custom appender by extending SkeletonAppender.

Now, I have log4j working great with the configuration below, but I created a new class to encrypt it and I can't get it to work; even with a simple setup it does not create the file, so I can't continue with the encryption part.

Any help or links would be good.

Working version

<appender name="cache" class="com.MyAppender">
    <param name="Threshold" value="ALL" />
    <param name="ImmediateFlush" value="true" />
    <param name="File" value="${home}/logs/cache.log" />
    <param name="Append" value="true" />
    <param name="Threshold" value="ALL" />
    <param name="Encoding" value="UTF-8" />

    <layout class="org.apache.log4j.EnhancedPatternLayout">
        <param name="ConversionPattern" value="%-5p %d{MMM-dd-yyyy HH:mm:ss,SSS} %c{1} - %m%n" />
    </layout>
</appender>

Not working version

<appender name="cache" class="com.MyAppender">
    <param name="Threshold" value="ALL" />
    <param name="ImmediateFlush" value="true" />
    <param name="File" value="${home}/logs/cache.log" />
    <param name="Append" value="true" />
    <param name="Threshold" value="ALL" />
    <param name="Encoding" value="UTF-8" />

    <!-- A nested rollingPolicy element is handled by org.apache.log4j.rolling.RollingFileAppender
         (apache-log4j-extras), not by org.apache.log4j.RollingFileAppender, which com.MyAppender extends -->
    <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
        <param name="FileNamePattern" value="${home}/logs/cache.%d{yyyy-MM-dd-HH}.gz" />
        <param name="ActiveFileName" value="${home}/logs/cache.log" />
    </rollingPolicy>

    <layout class="org.apache.log4j.EnhancedPatternLayout">
        <param name="ConversionPattern" value="%-5p %d{MMM-dd-yyyy HH:mm:ss,SSS} %c{1} - %m%n" />
    </layout>
</appender>

The simple test class

http://www.javaworld.com/article/2075817/core-java/customized-appender-extending-org-apache-log4j-fileappender.html

package com; // the config above says class="com.MyAppender"; "package com.MyAppender;" would make this class com.MyAppender.MyAppender

import org.apache.log4j.RollingFileAppender;
import org.apache.log4j.spi.LoggingEvent;

public class MyAppender extends RollingFileAppender {

    private String file;                 // value of the File param, held until the file is opened
    private boolean initialized = false; // whether the underlying file is currently open
    private String baseFileName = null;

    // private static final Log log = LogFactory.getLog(MyAppender.class);

    /**
     * Write to the ActivityLog. Opens the file lazily if it is not open yet
     * (e.g. after rollOver() closed it).
     *
     * @param event
     *            the logging event being appended.
     */
    @Override
    protected void subAppend(LoggingEvent event) {
        if (!initialized) {
            createNewFile();
        }
        synchronized (this) {
            super.subAppend(event);
        }
    }

    /**
     * Create a new ActivityLog file by letting FileAppender open it.
     */
    public void createNewFile() {
        try {
            baseFileName = file;
            super.setFile(baseFileName);
            super.activateOptions();
            initialized = true;
        } catch (Exception e) {
            // log.error("*#*Error in configuration of log4j params, unable to create ActivityLog file");
        }
    }

    /**
     * Passes the stored file name down and invokes FileAppender's
     * activateOptions(), which controls the creation of log files.
     */
    @Override
    public void activateOptions() {
        super.setFile(file);
        super.activateOptions();
    }

    /**
     * Close the current ActivityLog file; the next subAppend() reopens it.
     */
    @Override
    public void rollOver() {
        closeFile();
        initialized = false;
    }

    /**
     * Only records the name; the file is opened in activateOptions() or
     * createNewFile().
     */
    @Override
    public void setFile(String file) {
        this.file = file;
    }

}

Then I plan to implement the encryption with a CipherOutputStream.

Solution

A possible workaround to the problem is to write the logs to an embedded database that supports encryption, e.g. H2 natively supports encryption and SQLite has open source encryption extensions - this way you can just use the JDBCAppender and let the database take care of encryption without having to worry about a custom appender.


From this question, the SQLite config would look something like:

<appender name="jdbcAppender" class="org.apache.log4j.jdbc.JDBCAppender">
    <param name="URL" value="jdbc:sqlite:D:/download/mapLogic/sf_log.db" />
    <param name="user" value="" />
    <param name="password" value="" />
    <param name="driver" value="org.sqlite.JDBC" />
    <!-- Column names must match the Log table below (Level, not Priority). Note that the
         log4j 1.x JDBCAppender builds this statement by pattern substitution, not with a
         PreparedStatement: a message containing a single quote breaks the INSERT and is an
         injection vector, so escape or sanitise messages before they reach this appender -->
    <param name="sql"
        value="INSERT INTO Log(Message,Level,Logger,Date) VALUES ('%m','%p','%c','%d{ABSOLUTE}')" />
</appender>

where your log table looks like

CREATE TABLE Log (
    LogId        INTEGER PRIMARY KEY,
    Date         DATETIME NOT NULL,
    Level        VARCHAR(50) NOT NULL,
    Logger       VARCHAR(255) NOT NULL,
    Message      TEXT DEFAULT NULL
);

Documentation on the JDBCAppender can be found here: https://logging.apache.org/log4j/2.x/manual/appenders.html


There's an official encryption extension for SQLite as well as at least one third party open source extension; I've never had to encrypt SQLite, but if I had to do so then I'd go with the official extension unless I ran into problems with it.


If you're running this on the client, then ideally you'll be able to have the program phone home at boot time to get the database encryption key so that the key never exists on the client's disk drive (ignoring the possibility that it goes to the swap file) - the client could still use a debugger or whatever to try to get the key out of memory, but presumably they're not interested enough in decrypting the logs to go to that amount of trouble. If you've got to store the key on the client side then you can at a minimum obfuscate it by hashing it several times before using it, e.g. hard-code the base_key in the program, then at boot time you create actual_key by running base_key through SHA512 (or whatever) several times; the client could still figure out what you're doing by using a debugger, but again they hopefully won't want to go to the trouble.
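The question plans a CipherOutputStream around the whole file, and the answer turns on where the client keeps the key. The following is an added example (it is not code from the question, the answer, or log4j itself) that addresses both for the log4j 1.2 API used on this page: a Layout that encrypts each record separately with AES-256-GCM under a data key generated at startup, and wraps that data key with the support team's RSA public key (RSA-OAEP) into a header line of every file the appender opens. The client machine only ever holds the public key, so there is nothing to obfuscate or phone home for; a crash loses at most the last record rather than the unflushed tail of a stream cipher; and the stock RollingFileAppender and its rolling policies keep working unchanged. The package name, the setSupportPublicKey hook, and how the key pair is provisioned are assumptions.

```java
package com.example.logging; // assumed package name, not from the original post

import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;
import org.apache.log4j.Layout;
import org.apache.log4j.PatternLayout;
import org.apache.log4j.spi.LoggingEvent;

/**
 * log4j 1.2 Layout: each record is AES-256-GCM encrypted on its own (fresh random IV) under a data
 * key generated at startup. That data key, RSA-OAEP wrapped with the support team's public key, is
 * written as a "KEY:" header line every time FileAppender opens a file, so rolled files and appended
 * restarts each carry their own wrapped key. The client never holds a key that can decrypt.
 */
public class EncryptingLayout extends Layout {
    private static final String KEY_LINE_PREFIX = "KEY:";
    private static final String RSA_OAEP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    private static final String AES_GCM = "AES/GCM/NoPadding";
    private static final int IV_BYTES = 12, TAG_BITS = 128;
    private static volatile PublicKey supportPublicKey; // only the PUBLIC key ever lives on the client
    private final SecureRandom rng = new SecureRandom();
    private String conversionPattern = "%-5p %d{ISO8601} %c{1} - %m%n";
    private PatternLayout inner;  // produces the plaintext record
    private SecretKey dataKey;    // one per JVM run
    private String keyLine;

    /** Assumed hook: load the support public key (resource, keystore, ...) and install it before log4j is configured. */
    public static void setSupportPublicKey(PublicKey key) { supportPublicKey = key; }
    /** Same bean property as PatternLayout, so <param name="ConversionPattern"> in log4j.xml still works. */
    public void setConversionPattern(String pattern) { this.conversionPattern = pattern; }

    @Override
    public void activateOptions() {
        if (supportPublicKey == null) throw new IllegalStateException("support public key not set");
        try {
            inner = new PatternLayout(conversionPattern);
            KeyGenerator kg = KeyGenerator.getInstance("AES");
            kg.init(256);
            dataKey = kg.generateKey();
            Cipher rsa = Cipher.getInstance(RSA_OAEP);
            rsa.init(Cipher.ENCRYPT_MODE, supportPublicKey);
            keyLine = KEY_LINE_PREFIX + Base64.getEncoder().encodeToString(rsa.doFinal(dataKey.getEncoded())) + LINE_SEP;
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("cannot initialise EncryptingLayout", e);
        }
    }

    /** FileAppender.setFile() writes the header on every open, including after each roll-over. */
    @Override public String getHeader() { return keyLine; }
    /** Must be false: with true, WriterAppender writes stack traces itself, in the clear, bypassing format(). */
    @Override public boolean ignoresThrowable() { return false; }

    @Override
    public String format(LoggingEvent event) {
        StringBuilder plain = new StringBuilder(inner.format(event));
        String[] trace = event.getThrowableStrRep();
        if (trace != null) for (String t : trace) plain.append(t).append(LINE_SEP);
        return encryptRecord(plain.toString()) + LINE_SEP;
    }

    /** One base64(iv || ciphertext || tag) line per record: a crash mid-write loses at most that record. */
    String encryptRecord(String plaintext) {
        try {
            byte[] iv = new byte[IV_BYTES];
            rng.nextBytes(iv); // random 96-bit IV; one data key per run sees far fewer than 2^32 records
            Cipher gcm = Cipher.getInstance(AES_GCM);
            gcm.init(Cipher.ENCRYPT_MODE, dataKey, new GCMParameterSpec(TAG_BITS, iv));
            byte[] ct = gcm.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
            byte[] out = Arrays.copyOf(iv, IV_BYTES + ct.length);
            System.arraycopy(ct, 0, out, IV_BYTES, ct.length);
            return Base64.getEncoder().encodeToString(out);
        } catch (GeneralSecurityException e) {
            throw new IllegalStateException("record encryption failed", e);
        }
    }

    /** Support-side reader: each KEY: line switches to that segment's data key; altered or truncated lines throw. */
    public static List<String> decrypt(Reader encryptedLog, PrivateKey supportPrivateKey)
            throws IOException, GeneralSecurityException {
        Cipher rsa = Cipher.getInstance(RSA_OAEP);
        rsa.init(Cipher.DECRYPT_MODE, supportPrivateKey);
        BufferedReader in = new BufferedReader(encryptedLog);
        List<String> records = new ArrayList<>();
        SecretKey key = null;
        for (String line = in.readLine(); line != null; line = in.readLine()) {
            if (line.startsWith(KEY_LINE_PREFIX)) {
                byte[] wrapped = Base64.getDecoder().decode(line.substring(KEY_LINE_PREFIX.length()));
                key = new SecretKeySpec(rsa.doFinal(wrapped), "AES");
            } else if (!line.isEmpty()) {
                byte[] blob = Base64.getDecoder().decode(line);
                if (key == null || blob.length <= IV_BYTES) throw new IOException("record without key header, or truncated");
                Cipher gcm = Cipher.getInstance(AES_GCM);
                gcm.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, Arrays.copyOf(blob, IV_BYTES)));
                records.add(new String(gcm.doFinal(blob, IV_BYTES, blob.length - IV_BYTES), StandardCharsets.UTF_8));
            }
        }
        return records;
    }
}
```

In log4j.xml, keep the file appender as it is and set the layout class to com.example.logging.EncryptingLayout; its ConversionPattern param is passed through to the inner PatternLayout. Call EncryptingLayout.setSupportPublicKey(...) before log4j configures itself (that is, before the first Logger.getLogger call, or configure explicitly with DOMConfigurator afterwards), and make sure no other appender (a console or a second file) receives the same events in the clear. ignoresThrowable() returning false is the part that is easy to miss: with the PatternLayout default of true, WriterAppender writes stack traces to the file itself, outside the layout. The support team runs decrypt() with the private key; an AEADBadTagException on a line means that record was altered or cut short.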
