Movatterモバイル変換


[0]ホーム

URL:


Skip to content
DEV Community
Log in Create account

DEV Community

Cover image for Log4j to Logback migration? Good idea or not?
Sameer
Sameer

Posted on

     

Log4j to Logback migration? Good idea or not?

New Buzz word Log4j

By end of 2021, there came a new buzz word "LOG4J". People who don't know what log4j is started to talk about it. Jokes a part, log4j teared the world apart because of the security vulnerability that were exploited by Hackers. This security vulnerability was allowing attackers to execute malicious code remotely on a target computer. Which means hackers can easily steal data, plant malware, or take control of the target computer via the Internet.

How to overcome this issue

Solution 1

Update the library usage to the latest released version of log4j, where Apache team has fixed the "known" vulnerabilities.

Solution 2

Switch to different logger e.g. Logback

What is Logback?

Logback is a logging framework for mostly Java based applications, and a successor to the popular log4j project. Logback has many improvements over log4j. Just for information, logback is very much like log4j as both the projects were founded by the same developers. Logback is very similar to log4j when it comes to usage.

Why Logback?

  • Its very much like log4j, no extra knowledge need to use.
  • As its very much similar to log4j, its easy to replace.
  • Logback uses slf4jnatively.
  • Auto compression of log files.
  • Many more.. Have a look at:Reasons to switch.

How to use Logback?

  • Add the logback dependencies.

Maven:

<dependency>    <groupId>org.slf4j</groupId>    <artifactId>slf4j-api</artifactId>    <version>${slf4j-version}</version></dependency><dependency>    <groupId>ch.qos.logback</groupId>    <artifactId>logback-core</artifactId>    <version>${logback-version}</version></dependency><dependency>    <groupId>ch.qos.logback</groupId>    <artifactId>logback-classic</artifactId>    <version>${logback-version}</version></dependency>
Enter fullscreen modeExit fullscreen mode

Gradle:

implementation("org.slf4j:slf4j-api:${slf4j-version}")implementation("ch.qos.logback:logback-core:${logback-version}")implementation("ch.qos.logback:logback-classic:${logback-version}")
Enter fullscreen modeExit fullscreen mode

If JAR files are needed locally then download them from logbackdownload page.

If the application is based on Spring boot then, no additional dependencies are required as Spring boot provides log back support.

  • Addlogback.xml file (logback-spring.xml in case of Spring boot) insrc\main\resources. Samplelogback.xml For more information about Logback configuration, checkLink.
<?xml version="1.0" encoding="UTF-8"?><configuration>    <appender name="STDOUT">        <layout>            <Pattern>                %date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC} - %yellow([tid:%t])[sid:%X{httpSessionId}][reqid:%X{reqId}] - %green(%level) %cyan([%c]) - %m%n            </Pattern>        </layout>    </appender>    <appender name="appServerRollingFile">        <file>applogs/shpi-api.log</file>        <rollingPolicy>            <fileNamePattern>applogs/$${date:yyyy-MMM}/shpi-api-%d{yyyy-MMM-dd}-%i.log.gz</fileNamePattern>        </rollingPolicy>        <triggeringPolicy>            <maxFileSize>200MB</maxFileSize>        </triggeringPolicy>        <encoder>            <pattern>%date{"yyyy-MM-dd'T'HH:mm:ss,SSSXXX", UTC} - [sid:%X{httpSessionId}][actor:%X{userId}][reqid:%X{reqId}] - %p [%c] - %m%n</pattern>        </encoder>    </appender>    <root level="info">        <appender-ref ref="STDOUT"/>        <appender-ref ref="appServerRollingFile"/>    </root></configuration>
Enter fullscreen modeExit fullscreen mode
  • How to use LoggerFactory instance.
importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;...staticfinalLoggerLOG=LoggerFactory.getLogger(ClassName.class);...{LOG.warn("Warn Test");}
Enter fullscreen modeExit fullscreen mode

-
If migrating from Log4j to Logback use this translator tool from logback developersTranslator.

Conclusion

Idea behind use of logback is the recent issues with log4j which gave everyone a reality check, that now there is definite need of log4j alternative.
May be now is the time to migrate!

References

Top comments(0)

Subscribe
pic
Create template

Templates let you quickly answer FAQs or store snippets for re-use.

Dismiss

Are you sure you want to hide this comment? It will become hidden in your post, but will still be visible via the comment'spermalink.

For further actions, you may consider blocking this person and/orreporting abuse

Senior Software Engineer with 10+ years of Java Stack Experience.
  • Location
    Berlin, Germany
  • Education
    University of Applied Sciences, Hof
  • Work
    I work with JVM
  • Joined

More fromSameer

DEV Community

We're a place where coders share, stay up-to-date and grow their careers.

Log in Create account

[8]ページ先頭

©2009-2025 Movatter.jp