[
https://issues.apache.org/jira/browse/LOG4J2-3508?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17537759#comment-17537759
]
Volkan Yazici commented on LOG4J2-3508:
---------------------------------------
Hello [~simonhng]! Thanks for reaching out to us with such a contribution idea.
I can't speak for the rest of the team, but I am against adding custom
appenders, layouts, etc. to the core without a compelling reason to do so. Let
me share my reasoning. Log4j is already pretty ~bloated~ rich with the feature
set it provides. Every new feature has a maintenance cost for the crew and it
needs to be paid at least for a decade. Log4j already takes close to half an
hour to compile and test. A new module will add at least 1 minute to that.
Since you are not a Log4j committer, your PRs need to be reviewed too.
Contributors rarely come, though pretty often go. Unless the associated feature
is proven to have a wide usage, adding it to the core will bring more harm than
benefit. It also works the other way around. When you contribute your project
to the ASF, you will be bound to the ASF policies. PRs need to be reviewed.
Changes need to packed into a release. Long story short, having this custom
plugin in your personal GitHub project, maintaining it there, releasing it to
Maven Central yourself, etc. will be of benefit to Log4j, you, and your plugin.
When your plugin has sufficient usage, it can always be added to the core in
the future. Though, unless I am mistaken, it is not there yet.
> Add a signature appender to the log4j2 core
> -------------------------------------------
>
> Key: LOG4J2-3508
> URL: https://issues.apache.org/jira/browse/LOG4J2-3508
> Project: Log4j 2
> Issue Type: New Feature
> Components: Appenders
> Reporter: Simon Huang
> Priority: Minor
>
> h2. Goal
> Merge our implementation of a Signature appender into the log4j2 core.
> h2. What is a signature appender?
> Hello log4j2 contributors,
> I am a working student at Siemens and my superiours were looking for a way to
> add a signature to their logs. The solution that we came up with is an outer
> appender that works similar to the failover appender, i.e. it adds a
> signature and delegates the appending to another appender.
> You can see our solution at
> [github|https://github.com/simon-hng-smns/log4j2_signature_appender/tree/main]
> as wenn as an [example
> implementation|https://github.com/simon-hng-smns/log4j2_signature_appender/tree/example-implementation].
> We would appreciate any and all feedback, and hope you can guide us to
> necessary changes, in order to incorporate our appender.
> h2. How does it work?
> The SignatureAppender takes in an inner appender, which can now use the
> {{%sign}} PatternConverter.
> {code:xml}
> <Appenders>
> <SignatureAppender name="signatureAppender"
> signatureAlgorithm="SHA256withRSA"
> pathToKeyStore="signatureKeyStore.p12"
> keyStorePassword="password"
> >
> <Console name="console">
> <PatternLayout pattern="[%sign] %m%n"/>
> </Console>
> </SignatureAppender>
> </Appenders>
> {code}
> h3. Creating the signature
> The signature is created using the internal java class {{Signature}}, which
> gets a formatted message and the last signature and signs like this
> {code:java}
> Signature.update(message + lastSignature)
> {code}
> h3. In general the steps are the following:
> # SignatureAppender gets LogEvent creates the formatted message.
> # Using this formatted message and the lastSignature, a signature is created
> which we use to create a LogEvent with the signature as a property
> # This new LogEvent is then send to the inner appender, where it is used by
> the SignaturePatternConverter
>
--
This message was sent by Atlassian Jira
(v8.20.7#820007)
