Enable Flexible Log4j message formatting

[GoogleCodeExporter]

Overview:
It's great that a lot of contextual information is written with each log
entry, but there is limited flexibility in what information is logged with
each request and what the message format is.

How about taking advantage of the log4j MDC class?  For those not familiar
with this class
-You put your contextual information in the MDC thread local hash map
-In the appender.layout.conversion format you specify the MDC keys where you
want the information inserted into the log entry.
-This is advantageous as it provides granular control over the format (not
all ESAPI users need all of the information being logged today)

Design:
-If we need to offer binary compatibility with the Java Logger, support both
implementations and use a configuration setting to determine whether MDC is
on. 

Original issue reported on code.google.com by manico.james@gmail.com on 11 Jan 2010 at 4:01

[GoogleCodeExporter]

(from Wall)

Log4j already allows a lot of flexibility in formatting via it's appenders,
layout, etc. via log4j.properties or log4j.xml (depending on what version
of Log4j you are using).

However, if we have to start adding a lot of complexity to the place where we
actually do the logging, then I don't think that is something that we want
to address for the 2.0 release. Maybe later, but not now. I think that's
something that needs to be done very carefully so that we are consistent
across all the ESAPI classes. Just my opinion, but I don't think it's a
priority for 2.0. You might want to add it to the Google issues list as
something to think about for 2.1 or whatever the next release will be,
just so it doesn't fall through the cracks, but I don't see it as a
priority now.  Besides, this looks like something that needs to be
thought through and not just done on a whim. Otherwise, all we will
do will just end up complicating the logging, which leads to bugs,
and possibly security vulnerabilities.

Original comment by manico.james@gmail.com on 11 Jan 2010 at 4:21

[GoogleCodeExporter]

(by beef)

This is of course assuming that all users will be using Log4J - To my knowledge 
the
commons-logging package offers no such service (though I may be wrong). It 
could be
that we can do this only in the log4j code as well but I definately feel like 
this is
something for the 2.1 or better release as I know we all really want to get 2.0 
released.

Original comment by manico.james@gmail.com on 11 Jan 2010 at 4:23

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 1 Nov 2010 at 12:50

• Changed state: Accepted
• Added labels: Milestone-Release2.1

[GoogleCodeExporter]

Original comment by chrisisbeef on 20 Nov 2010 at 9:55

• Added labels: Component-Logger

[GoogleCodeExporter]

Original comment by manico.james@gmail.com on 29 May 2012 at 3:23