Apache Log4j is a

Java Java is one of the Greater Sunda Islands in Indonesia. It is bordered by the Indian Ocean to the south and the Java Sea (a part of Pacific Ocean) to the north. With a population of 156.9 million people (including Madura) in mid 2024, proje ...

-based

Apache Software Foundation The Apache Software Foundation ( ; ASF) is an American nonprofit corporation (classified as a 501(c)(3) organization in the United States) to support a number of open-source software projects. The ASF was formed from a group of developers of the ...

. Log4j is one of several

Java logging framework A Java logging framework is a computer data logging package for the Java platform. This article covers general purpose logging frameworks. Logging refers to the recording of activity by an application and is a common issue for development teams ...

s. Gülcü has since created

SLF4J Simple Logging Facade for Java (SLF4J) provides a Java logging API by means of a simple facade pattern. The underlying logging backend is determined at runtime by adding the desired binding to the classpath and may be the standard Sun Java loggi ...

, Reload4j, and Logback which are alternatives to Log4j. The Apache Log4j team developed Log4j 2 in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks. In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions, although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2. On January 12, 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with the aim of fixing the most urgent issues in log4j 1.2.17 that had accumulated since its release in 2013. On December 9, 2021, a zero-day vulnerability involving

arbitrary code execution In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in softwa ...

in Log4j 2 was published by the

Alibaba Cloud Alibaba Cloud, also known as Aliyun ( zh, p=Ālǐyún, s=阿里云, l=Ali Cloud), is a cloud computing company, a subsidiary of Alibaba Group. Alibaba Cloud provides cloud computing services to online businesses and Alibaba's own e-commerce ecos ...

Security Team and given the descriptor "

Log4Shell Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed t ...

". It has been characterized by

Tenable ''Tenable'' is a British game show presented by Warwick Davis and briefly Sally Lindsay, airing on ITV1 from 14 November 2016 to 30 August 2024. On each episode, five contestants attempt to win up to £125,000 by filling in lists of 10 items ...

as "the single biggest, most critical vulnerability of the last decade".

Apache Log4j 2

Apache Log4j 2 is the successor of Log4j 1 which was released as GA version in July 2015. The framework was rewritten from scratch and has been inspired by existing logging solutions, including Log4j 1 and java.util.logging. The main differences from Log4j 1 are: * Improved reliability. Messages are not lost while reconfiguring the framework like in Log4j 1 or Logback * Extensibility: Log4j 2 supports a plugin system to let users define and configure custom components * Simplified configuration syntax * Support for xml, json,

yaml YAML ( ) is a human-readable data serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted. YAML targets many of the same communications applications as Extensible Marku ...

and properties configurations * Improved filters * Property lookup support for values defined in the configuration file, system properties, environment variables, the ThreadContext Map, and data present in the event * Support for multiple APIs: Log4j 2 can be used with applications using the Log4j 2, Log4j 1.2, SLF4J, Commons Logging and java.util.logging (JUL) APIs. * Custom log levels * Java 8-style lambda support for "lazy logging" * Markers * Support for user-defined Message objects * "Garbage-free or low garbage" in common configurations * Improved speed * Improved support for Linux One of the most recognized features of Log4j 2 is the performance of the "Asynchronous Loggers". Log4j 2 makes use of the LMAX Disruptor. The library reduces the need for kernel locking and increases the logging performance by a factor of 12. For example, in the same environment Log4j 2 can write more than 18,000,000 messages per second, whereas other frameworks like Logback and Log4j 1 just write < 2,000,000 messages per second.

Features

Log4j log levels

The following table defines the built-in log levels and messages in Log4j, in decreasing order of severity. The left column lists the log level designation in Log4j and the right column provides a brief description of each log level.

Custom log levels

Log4j 2 allows users to define their own log levels. A source code generator tool is provided to create Loggers that support custom log levels identically to the built-in log levels. Custom log levels can either complement or replace the built-in log levels.

Log4j configuration

Log4j can be configured through a configuration file or through Java code. Configuration files can be written in

XML Extensible Markup Language (XML) is a markup language and file format for storing, transmitting, and reconstructing data. It defines a set of rules for encoding electronic document, documents in a format that is both human-readable and Machine-r ...

JSON JSON (JavaScript Object Notation, pronounced or ) is an open standard file format and electronic data interchange, data interchange format that uses Human-readable medium and data, human-readable text to store and transmit data objects consi ...

YAML YAML ( ) is a human-readable data serialization language. It is commonly used for configuration files and in applications where data is being stored or transmitted. YAML targets many of the same communications applications as Extensible Marku ...

, or properties file format. Three main components can be defined: Loggers, Appenders, and Layouts. Configuring logging via a file has the advantage that logging can be turned on or off without modifying the application that uses Log4j. The application can be allowed to run with logging off until there's a problem, for example, and then logging can be turned back on simply by modifying the configuration file. Loggers are named log message destinations. They are the names that are known to the Java application. Each logger is independently configurable as to what level of logging (FATAL, ERROR, etc.) it currently logs. In early versions of Log4j, these were called category and priority, but now they're called logger and level, respectively. A Logger can send log messages to multiple Appenders. The actual outputs are done by Appenders. There are numerous Appenders available, with descriptive names, such as FileAppender, RollingFileAppender, ConsoleAppender, SocketAppender, SyslogAppender, and SMTPAppender. Log4j 2 added Appenders that write to

Apache Flume This list of Apache Software Foundation projects contains the software development projects of The Apache Software Foundation (ASF). Besides the projects, there are a few other distinct areas of Apache: *Incubator: for aspiring ASF projects *Att ...

, the

Java Persistence API Jakarta Persistence, also known as JPA (abbreviated from the former name Java Persistence API) is a Jakarta EE application programming interface specification that describes the management of relational data in enterprise Java applications. Per ...

Apache Kafka Apache Kafka is a distributed event store and stream-processing platform. It is an open-source system developed by the Apache Software Foundation written in Java and Scala. The project aims to provide a unified, high-throughput, low-latency pl ...

NoSQL NoSQL (originally meaning "Not only SQL" or "non-relational") refers to a type of database design that stores and retrieves data differently from the traditional table-based structure of relational databases. Unlike relational databases, which ...

databases,

Memory-mapped file A memory-mapped file is a segment of virtual memory that has been assigned a direct byte-for-byte correlation with some portion of a file or file-like resource. This resource is typically a file that is physically present on disk, but can also b ...

s, Random Access files and

ZeroMQ ZeroMQ (also spelled ØMQ, 0MQ or ZMQ) is an asynchronous messaging library, aimed at use in distributed or concurrent applications. It provides a message queue, but unlike message-oriented middleware, a ZeroMQ system can run without a dedicated ...

endpoints. Multiple Appenders can be attached to any Logger, so it's possible to log the same information to multiple outputs; for example to a file locally and to a

socket Socket may refer to: Mechanics * Socket wrench, a type of wrench that uses separate, removable sockets to fit different sizes of nuts and bolts * Socket head screw, a screw (or bolt) with a cylindrical head containing a socket into which the hexag ...

listener on another computer. Appenders use Layouts to format log entries. A popular way to format one-line-at-a-time log files is PatternLayout, which uses a pattern string, much like the C / C++ function

printf printf is a C standard library function that formats text and writes it to standard output. The function accepts a format c-string argument and a variable number of value arguments that the function serializes per the format string. Mism ...

. There are also HTMLLayout and XMLLayout formatters for use when

HTML Hypertext Markup Language (HTML) is the standard markup language for documents designed to be displayed in a web browser. It defines the content and structure of web content. It is often assisted by technologies such as Cascading Style Sheets ( ...

or XML formats are more convenient, respectively. Log4j 2 added Layouts for CSV, Graylog Extended Log Format (GELF),

and RFC-5424. In Log4j 2, Filters can be defined on configuration elements to give more fine-grained control over which log entries should be processed by which Loggers and Appenders. In addition to filtering by log level and regular expression matching on the message string, Log4j 2 added burst filters, time filters, filtering by other log event attributes like Markers or Thread Context Map and JSR 223 script filters. To debug a misbehaving configuration: * In Log4j 2 configurations set the status attribute to TRACE to send internal status logging output to standard out. To enable status logging before the configuration is found, use the Java VM property -Dorg.apache.logging.log4j.simplelog.StatusLogger.level=trace. * In Log4j 1, use the Java VM property -Dlog4j.debug. To find out where a log4j2.xml configuration file was loaded from inspect getClass().getResource("/log4j2.xml"). There is also an implicit "unconfigured" or "default" configuration of Log4j, that of a Log4j-instrumented Java application which lacks any Log4j configuration. This prints to stdout a warning that the program is unconfigured, and the URL to the Log4j web site where details on the warning and configuration may be found. As well as printing this warning, an unconfigured Log4j application will only print ERROR or FATAL log entries to standard out.

Example for Log4j 2

target/test.log t%m%n"/> %d %p %c t%m%n

Example for Log4j 1.2

TTCC

TTCC is a message format used by log4j. TTCC is an acronym for ''Time Thread Category Component''. It uses the following pattern: %r t%-5p %c %x - %m%n Where Example output
467

ain Ain (, ; ) is a French department in the Auvergne-Rhône-Alpes region, Eastern France. Named after the Ain river, it is bordered by the Saône and Rhône rivers. Ain is located on the country's eastern edge, on the Swiss border, where it ...

INFO org.apache.log4j.examples.Sort – Exiting main method.

Ports

*log4c – A port for C. ''Log4C'' is a C-based

logging Logging is the process of cutting, processing, and moving trees to a location for transport. It may include skidder, skidding, on-site processing, and loading of trees or trunk (botany), logs onto logging truck, trucksSourceForge SourceForge is a web service founded by Geoffrey B. Jeffery, Tim Perdue, and Drew Streib in November 1999. SourceForge provides a centralized software discovery platform, including an online platform for managing and hosting open-source soft ...

under the

LGPL The GNU Lesser General Public License (LGPL) is a free-software license published by the Free Software Foundation (FSF). The license allows developers and companies to use and integrate a software component released under the LGPL into their own ...

license. For various

Unix Unix (, ; trademarked as UNIX) is a family of multitasking, multi-user computer operating systems that derive from the original AT&T Unix, whose development started in 1969 at the Bell Labs research center by Ken Thompson, Dennis Ritchie, a ...

operating systems the

autoconf GNU Autoconf is a software development tool for generating a configure script that in turn generates files for building a codebase and for packaging or installing the resulting files. Autoconf is part of the GNU Build System along with Autom ...

and

automake GNU Automake is a software development tool to automate parts of the compilation process. It eases common compilation problems. For example, it points to needed dependencies. It automatically generates one or more ''Makefile.in'' from files call ...

files are provided. On

Windows Windows is a Product lining, product line of Proprietary software, proprietary graphical user interface, graphical operating systems developed and marketed by Microsoft. It is grouped into families and subfamilies that cater to particular sec ...

Makefile In software development, Make is a command-line interface software tool that performs actions ordered by configured Dependence analysis, dependencies as defined in a configuration file called a ''makefile''. It is commonly used for build automati ...

is provided for use with

MSVC Microsoft Visual C++ (MSVC) is a compiler for the C, C++, C++/CLI and C++/CX programming languages by Microsoft. MSVC is proprietary software; it was originally a standalone product but later became a part of Visual Studio and made available ...

. Developers may also choose to use their own make system to compile the source, depending on their build engineering requirements. An instance of the ''log4c'' library may be configured via three methods: using

environment variable An environment variable is a user-definable value that can affect the way running processes will behave on a computer. Environment variables are part of the environment in which a process runs. For example, a running process can query the va ...

s, programmatically, or via

configuration file. log4c has appenders for Files, Streams and memory mapped files. (No Socket Adapter.) Last version is 1.2.4, released in 2013, and the project is no longer actively developed. *log4js – A port for

JavaScript JavaScript (), often abbreviated as JS, is a programming language and core technology of the World Wide Web, alongside HTML and CSS. Ninety-nine percent of websites use JavaScript on the client side for webpage behavior. Web browsers have ...

. Log4js is available under the licence of

. One special feature of Log4js is the ability to log the events of the browser remotely on the server. Using

Ajax Ajax may refer to: Greek mythology and tragedy * Ajax the Great, a Greek mythological hero, son of King Telamon and Periboea * Ajax the Lesser, a Greek mythological hero, son of Oileus, the king of Locris * Ajax (play), ''Ajax'' (play), by the an ...

it is possible to send the logging events in several formats (

, plain

ASCII ASCII ( ), an acronym for American Standard Code for Information Interchange, is a character encoding standard for representing a particular set of 95 (English language focused) printable character, printable and 33 control character, control c ...

, etc.) to the server to be evaluated there. The following appenders are implemented for ''log4js'': AjaxAppender, ConsoleAppender, FileAppender, JSConsoleAppender, MetatagAppender, and WindowsEventsAppender. The following Layout classes are provided: BasicLayout, HtmlLayout, JSONLayout, and XMLLayout. Latest version was 2.0 of 18 October 2018. *log4javascript – Another port for JavaScript. log4javascript is a JavaScript logging framework based on the ''log4j''. The latest version was 1.4.13, released on 23 May 2015. *JSNLog – A port for

. Automatically places messages from JavaScript loggers in server side logs using a .NET server side component that interfaces with Log4Net, NLog, Elmah or Common.Logging. This to provide an integrated log for client and server side events. Request ids correlate events related to a specific user. Configuration is via a server side web.config file. Supports exception logging including stack traces. the latest version was 3.0.0 and updates were made regularly. *Apache Log4net – A port to the Microsoft .NET Framework. The initial work was done by Neoworks and was donated to the

in February 2004. The framework is similar to the original log4j while taking advantage of new features in the .NET runtime. Provides Nested Diagnostic Context (NDC) and Mapped Diagnostic Context (MDC). The latest version was 2.0.15. *log4perl – A

Perl Perl is a high-level, general-purpose, interpreted, dynamic programming language. Though Perl is not officially an acronym, there are various backronyms in use, including "Practical Extraction and Reporting Language". Perl was developed ...

port of log4j. Version 1.57 of October 2022 was current . *Apache log4php – "A versatile logging framework for

PHP PHP is a general-purpose scripting language geared towards web development. It was originally created by Danish-Canadian programmer Rasmus Lerdorf in 1993 and released in 1995. The PHP reference implementation is now produced by the PHP Group. ...

. Originally a port of Apache log4j to PHP, it has grown to include various PHP specific features." *PL-SQL-Logging-Utility is an adaptation of log4j in PL/SQL. *Log4db2 is a logging utility for DB2 for LUW that uses SQL instructions with SQL PL code. *Apache Log4cxx – A logging framework for C++ patterned after Apache log4j, which uses

Apache Portable Runtime The Apache Portable Runtime (APR) is a supporting library for the Apache web server. It provides a set of APIs that map to the underlying operating system (OS). Where the OS does not support a particular function, APR will provide an emulation. T ...

for most platform-specific code and should be usable on any platform supported by APR. The latest version is 0.13.0, released in 2022. *Log4r – A comprehensive and flexible logging library written in Ruby for use in Ruby programs. It was inspired by and provides much of the features of the Apache Log4j project.

Log4Shell vulnerability

A zero-day vulnerability involving

remote code execution In computer security, arbitrary code execution (ACE) is an attacker's ability to run any commands or code of the attacker's choice on a target machine or in a target process. An arbitrary code execution vulnerability is a security flaw in softwar ...

in Log4j 2, given the descriptor "Log4Shell" ( CVE-2021-44228), was found and reported to Apache by Alibaba on November 24, 2021, and published in a tweet on December 9, 2021. Affected services include

Cloudflare Cloudflare, Inc., is an American company that provides content delivery network services, cybersecurity, DDoS mitigation, wide area network services, reverse proxies, Domain Name Service, ICANN-accredited domain registration, and other se ...

iCloud iCloud is the personal cloud service of Apple Inc. Launched on October 12, 2011, iCloud enables users to store and Data synchronization, sync data across devices, including Apple Mail, Calendar (Apple), Apple Calendar, Photos (Apple), Apple Ph ...

, '' Minecraft: Java Edition'',

Steam Steam is water vapor, often mixed with air or an aerosol of liquid water droplets. This may occur due to evaporation or due to boiling, where heat is applied until water reaches the enthalpy of vaporization. Saturated or superheated steam is inv ...

Tencent QQ Tencent QQ (), also known as QQ, is an instant messaging software service and web portal developed by the Mainland Chinese technology company Tencent. QQ offers services that provide online social games, music, shopping, microblogging, movies, ...

, and

Twitter Twitter, officially known as X since 2023, is an American microblogging and social networking service. It is one of the world's largest social media platforms and one of the most-visited websites. Users can share short text messages, image ...

. The Apache Software Foundation assigned the maximum

CVSS The Common Vulnerability Scoring System (CVSS) is a technical standard for assessing the severity of vulnerabilities in computing systems. Scores are calculated based on a formula with several metrics that approximate ease and impact of an exploi ...

severity rating of 10 to Log4Shell, as millions of servers could be potentially vulnerable to the exploit. The vulnerability was characterized by cybersecurity firm

as "the single biggest, most critical vulnerability of the last decade" and Lunasec's Free Wortley characterized it as "a design failure of catastrophic proportions". In the United States, the director of the

Cybersecurity and Infrastructure Security Agency The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cyber ...

(CISA),

Jen Easterly Jen Easterly is an American cybersecurity expert and former government official who served as the Director of the Cybersecurity and Infrastructure Security Agency in the Biden administration. She was confirmed by a voice vote in the Senate on Jul ...

, termed the exploit "critical" and advised vendors to prioritize software updates, and the German agency

Federal Office for Information Security The Federal Office for Information Security (, abbreviated as BSI) is the German upper-level federal agency in charge of managing computer and communication security for the German government. Its areas of expertise and responsibility includ ...

(BSI) designated the exploit as being at its highest threat level, calling it an "extremely critical threat situation" (translated). The Canadian Centre for Cyber Security (CCCS) called on organisations to take on immediate action. The feature causing the vulnerability could be disabled with a configuration setting, which had been removed in Log4j version 2.15.0-rc1 (officially released on December 6, 2021, three days before the vulnerability was published), and replaced by various settings restricting remote lookups, thereby mitigating the vulnerability. For additional security, all features using JNDI, on which this vulnerability was based, will be disabled by default, and support for message lookups removed from version 2.16.0 onward.

References

External links

* {{Apache Software Foundation Apache Software Foundation Free software programmed in Java (programming language) Log file formats Software using the Apache license