Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Difference between slf4j-log4j12 vs log4j

In a project's pom.xml I am seeing a dependency like below

    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-api</artifactId>
        <version>1.7.5</version>
    </dependency>
    <dependency>
        <groupId>org.slf4j</groupId>
        <artifactId>slf4j-log4j12</artifactId>
        <version>1.7.5</version>
    </dependency>
    <dependency>
        <groupId>log4j</groupId>
        <artifactId>log4j</artifactId>
        <version>1.2.17</version>
    </dependency>

Can someone let me know what is the difference between slf4j-log4j12 & log4j ?

like image 247
tuk Avatar asked Nov 30 '17 13:11

tuk


People also ask

Is SLF4J the same as log4j?

Comparison SLF4J and Log4j Unlike log4j, SLF4J (Simple Logging Facade for Java) is not an implementation of logging framework, it is an abstraction for all those logging frameworks in Java similar to log4J. Therefore, you cannot compare both. However, it is always difficult to prefer one between the two.

Is SLF4J log4j12 affected by log4j vulnerability?

The SLF4J API is just an API which lets message data go through. As such, using log4j 2. x, even via SLF4J does not mitigate the vulnerability.

What is SLF4J log4j12 for?

slf4j-log4j12 provides a bridge between SLF4J and Log4j 1.2 so that SLF4J knows about how to log using Log4j. You are using Log4j 1.2. That version's binding it is maintained by the SLF4J project. Here is a summary from the SLF4J docs: SLF4J supports various logging frameworks.

Does log4j over SLF4J use log4j?

log4j-over-slf4j. SLF4J ship with a module called log4j-over-slf4j. It allows log4j users to migrate existing applications to SLF4J without changing a single line of code but simply by replacing the log4j. jar file with log4j-over-slf4j.


2 Answers

Log4j 1.2

slf4j-log4j12 provides a bridge between SLF4J and Log4j 1.2 so that SLF4J knows about how to log using Log4j.

You are using Log4j 1.2. That version's binding it is maintained by the SLF4J project. Here is a summary from the SLF4J docs:

SLF4J supports various logging frameworks. The SLF4J distribution ships with several jar files referred to as "SLF4J bindings", with each binding corresponding to a supported framework.

slf4j-log4j12-1.7.28.jar

Binding for log4j version 1.2, a widely used logging framework. You also need to place log4j.jar on your class path.

Log4j 2

If you are using Log4j 2 or later, you will need a different binding JAR than slf4j-log4j12. That binding is maintained by the Log4j project. According to the Log4j docs:

The Log4j 2 SLF4J Binding allows applications coded to the SLF4J API to use Log4j 2 as the implementation.

You must provide both dependencies if you want SLF4J to route logging to Log4j. Again, from the Log4j 2 docs:

Simply include the Log4j 2 SLF4J Binding jar along with the Log4j 2 jars and SLF4J API jar to cause all SLF4J logging to be handled by Log4j 2.

like image 161
glytching Avatar answered Sep 24 '22 20:09

glytching


To summarize:

 <dependency> <!--Facade for logging systems-->
   <groupId>org.slf4j</groupId>
   <artifactId>slf4j-api</artifactId>
   <version>1.7.25</version>
 </dependency>

 <dependency> <!--Log4j 2 implementation for slf4j-->
   <groupId>org.apache.logging.log4j</groupId>
   <artifactId>log4j-slf4j-impl</artifactId>
   <version>2.12.0</version>
 </dependency>

In addition make sure that you are using a log4j2 properties file. The mistake of using 'log4j.xml' did cost me quite some time

like image 40
trallnag Avatar answered Sep 25 '22 20:09

trallnag