demba90 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Add new "audit" log level that ALWAYS get's logged #177

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
(from August)

I do back Kevin's suggestion of adding a new "audit" level that is always 
logged, no matter what log4j configuration is in use.

Original issue reported on code.google.com by manico.james@gmail.com on 6 Nov 2010 at 8:06

GoogleCodeExporter commented 8 years ago
(from Kevin)

There obviously are going
to be auditing requirements related to security (e.g., log *all*
authentication
attempts, whether successful or unsuccessful). If the EventType were always
Logger.SECURITY_SUCCESS or Logger.SECURITY_FAILURE rather than EVENT_SUCCESS
or EVENT_SUCCESS, then using a method named audit() rather than log() might
make more sense, but there are certainly things that you would always want
to log, such as start-up messages, that would use Logger.EVENT_SUCCESS
rather than Logger.SECURITY_SUCCESS, so the name audit() is not as general.

Original comment by manico.james@gmail.com on 6 Nov 2010 at 8:07

GoogleCodeExporter commented 8 years ago
Fixed per SVN revisions 1694, 1695, 1696, 1697, and 1698.
New method is called always(). There is also new Logger EventType
called SECURITY_AUDIT which this uses. Implemented for 2.0 because
it was needed to implement some NSA comments as per Google Issue #81.

Original comment by kevin.w.wall@gmail.com on 4 Feb 2011 at 7:04