Oh right, JTL isn’t in core, but it could be! And if we change the default layout to continue using a pattern layout, how about some colors and such like how Spring Boot defaults?
And yes, multiple default configurations was another idea I had, but I wasn’t sure how to phrase that. > On Oct 3, 2023, at 11:57 AM, Ralph Goers <ralph.go...@dslextreme.com> wrote: > > Are you just talking about changing the current default configuration? Or are > you envisioning having more than one somewhow? > > If this is just about changing the current default configuration then I have > some concerns: > 1. It always has to work. > 2. It cannot rely on optional components. JsonTemplateLayout is not in core > so it cannot be included in the default. However, we could detect if it is > available and use it if it is. > > Changing from PatternLayout to JsonTemplateLayout that only makes sense if > you have tools to interpret the JSON. Looking at the raw JSON is painful. > I’ve done it. > > Finally, my hope is that no one is using the default configuration. I can’t > really think of any application that should be using it. However, we could > create multiple defaults tailored to specific application types. > > Ralph > >> On Oct 3, 2023, at 9:35 AM, Matt Sicker <m...@musigma.org> wrote: >> >> I’ve had this idea for many years now, and as we get closer to 3.0, it seems >> like it’s time to consider the details. We can change the default >> configuration in 3.0 without being as surprising as any other version. I >> think we could use this as an opportunity to demonstrate some best practices >> and recommendations. For example, we could switch from PatternLayout to >> JsonTemplateLayout by default to help prevent common vulnerabilities related >> to log message forging (like putting a newline or similar and faking the log >> output in the following line). Then there’s an option related to direct >> console writing that we have disabled by default despite being benign. There >> are probably other settings I haven’t considered at the moment. >> >> So what do you think? Any suggestions for the default configuration? >