1

We want to migrate a Java 7 web app from log4j 1.2.12 to log4j 2.12.4 and modify the app as less as possible.

The app was using SLF4J and including this dependencies:

  • log4j
  • slf4j-api
  • slf4j-log4j12
  • jcl-over-slf4j

And excluding all possible reference to commons-logging.

We replaced the previously indicated dependencies by:

  • log4j-api
  • log4j-core
  • log4j-slf4j-impl
  • slf4j-api

And we kept the commons-logging exclusion.

We are working with spring version 4.2.1, servlet 3.0 and loading the log xml configuration in an init servlet with this code:

    File file = new File(pathToFile);
    LoggerContext context = (LoggerContext) LogManager.getContext(false);
    context.setConfigLocation(file.toURI());

Our problem is that the log configuration is only working in the web module. The rest of modules included in the project are not taking the logs configuration.

Any idea about where the problem can be and how to solve it?

ImiChau
  • 81
  • 1
  • 3
  • Which servlet are you setConfigLocation method invoked? Also it has to be set in initialization process of servlet(init method). – Gurkan İlleez Jan 31 '22 at 10:58
  • Did you check that log4j2 works with java 7 – Gurkan İlleez Jan 31 '22 at 10:58
  • We have a Log4JInitServlet defined in the web.xml file. This was working with out problem before the app migration (old log4j version) – ImiChau Jan 31 '22 at 11:02
  • Apache recommendation for Java 7 is log4j 2.12.4 version – ImiChau Jan 31 '22 at 11:04
  • What do you mean by _module_? Are you referring to Java EE modules? See [logging separation](https://logging.apache.org/log4j/2.x/manual/logsep.html) if that is the case. BTW: there is a `log4j-web` artifact that can replace your servlet initialization. – Piotr P. Karwasz Jan 31 '22 at 11:08
  • The app is a maven project whit the code organized in several projects (DAO, utilities, etc) and we want to modify the code as less as possible – ImiChau Jan 31 '22 at 11:15
  • 1
    Be careful, log4j2 < 2.17 contains some vulnerabilities. See https://nvd.nist.gov/vuln/detail/CVE-2021-44832 – Junior Dussouillez Jan 31 '22 at 11:17

0 Answers0