I am using my logback.xml to log to console and to an external file.
I would like to use this as an auditing feature which logs when users perform certain actions i.e. log on/off etc.
I was wondering if there is a way to make to log files immutable, since at the moment to log files that are stored are easily changed using a text editor.
Also is there a way to make them password protected or stored in a password protected file.
Thanks.
This is a rather broad question, on the verge of being too broad, but I'll give it a shot.
If you're logging to regular text files, then they can be secured just like you would any other kind of file on your platform (by restricting user permissions, using filesystem encryption, using filesystem auditing, automatically copying to a write-once system like a CD, etc.)
If you want to do something beyond what your filesystem platform can do, then perhaps you want to log to some sort of database which has the auditing and permissions features that you're looking for? Logback has a database Appender built in, and you could even write your own Appender if you need to log somewhere more exotic for some reason.
But really, there's nothing Logback-specific to help you secure your data. It's a framework that lets you easily send logging data to it, and easily configure where to put that data, but once you have that data it's up to you to figure out what you need to do with it, just like all your other data.