I'm experimenting writing a java SE swing application using JBoss weld. Weld configures logging with log4j using the following log4j.xml file in the jar:
<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<!--
JBoss, Home of Professional Open Source
Copyright 2009, Red Hat, Inc. and/or its affiliates, and individual
contributors by the @authors tag. See the copyright.txt in the
distribution for a full listing of individual contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<layout class="org.apache.log4j.PatternLayout">
<!-- The default pattern: Date Priority [Category] Message\n -->
<param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{2}] %m%n"/>
</layout>
<filter class="org.apache.log4j.varia.StringMatchFilter">
<param name="AcceptOnMatch" value="false" />
<param name="StringToMatch" value="Failure while notifying an observer of event [a]" />
</filter>
</appender>
<!-- ############### Weld logging ################### -->
<category name="org.jboss.weld">
<priority value="INFO"/>
</category>
<root>
<priority value="INFO"/>
<appender-ref ref="CONSOLE"/>
</root>
</log4j:configuration>
I want to disable logging altogether in my application. I tried to disable it providing a log4j.properties file as follows:
log4j.debug=FALSE
log4j.rootLogger=OFF, CONSOLE
No matter what I try to do I cannot prevent the log4j messages from Weld to show up in the console. All I want to do is completely disable logging. But How?
You can safely remove these files. Also, these files don't include the log4j-core-2.7. jar which is the jar containing the vulnerability, so there is no exploit risk.
SLF4J, Logback, Logstash, Loki, and Seq are the most popular alternatives and competitors to Log4j.
Shortly after posting this question I discovered the answer. Create a log4j.xml file to override the defaults in the 3rd party JAR.
Here is an example specific to this thread:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd" >
<log4j:configuration>
<appender name="CA" class="org.apache.log4j.ConsoleAppender">
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%m%n"/>
</layout>
</appender>
<!--
If you want to enable logging for the application
but wish to disable logging for a specific package
then use this, where org.jboss is the package
for which you wish to disable logging.
-->
<category name="org.jboss">
<priority value="off"/>
</category>
<root>
<priority value="off"/> <!--Notice this disables all logging-->
<appender-ref ref="CA"/>
</root>
</log4j:configuration>
I think the default log configuration for third part jars won`t print any message into STDOUT or FILE.
But if you want override the default log configuration without document, the best solution is de-compile the jar files and find out how it load the configuration.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With