At dawn a sharp alarm reveals a malicious C2 connection in the Linux empire, prompting a frantic hunt through hidden processes, missing logs, and a secret traffic‑analysis system that uncovers a Log4Shell JNDI exploit launched via port 36560, ultimately exposing mis‑configured ElasticSearch and prompting emergency patches.
The article explains why logging is essential for problem tracing, status monitoring, and security auditing, introduces Log4j, Log4j2, and Logback components and configuration files, demonstrates usage with Maven dependencies and code snippets, evaluates their synchronous and asynchronous performance, and offers practical recommendations for production environments.
This article details the correlation between system and business metrics, introduces three generic business‑monitoring platforms (UMP, PFinder, Taishan), defines a unified log format, provides Log4j and Java logging code, and explains alert rule configurations, visualizations, and real‑world incident case studies to improve operational reliability.
This article details the background, design, implementation, and best‑practice guidelines for business‑level monitoring, unified logging formats, log4j configurations, alert rules, and case studies of common issues faced by KA merchants in logistics operations.
This article explains how system‑level metric anomalies relate to business‑level metrics, describes the three internal business‑monitoring platforms (UMP, PFinder, Taishan), details unified log formats and Log4j configurations, and shares best‑practice case studies for alert rules, data visualization, and incident handling to improve operational reliability.
This article explains why logging is essential for software maintenance, outlines the purposes, readability, performance, disk‑space and timeliness considerations, describes Log4j components and log‑level hierarchy, and provides concrete code examples for TRACE, DEBUG, INFO, WARN and ERROR logging.
This article analyzes the memory increase observed after enabling Log4j2 asynchronous logging in Java services, examines root causes such as thread‑local reuse and large char[] allocations, and presents configuration and code changes—including disabling thread‑locals and limiting message size—to prevent heap growth and improve performance.
To correctly implement Java logging, choose a compatible framework‑system pair such as SLF4J with Logback, configure Maven dependencies and a rolling Logback XML, use MDC for context, enable dynamic level changes, avoid custom wrappers, and follow a checklist for cleanup and troubleshooting.
This guide explains how to troubleshoot and fix the UnsupportedOperationException caused by missing or outdated ASM libraries when upgrading the JDK, covering removal of old Maven dependencies, adding the correct ASM version, updating Groovy and related plugins, and disabling the Log4j shutdown hook warning.
This article introduces TLog, a zero‑intrusion Java logging library that adds globally unique trace IDs, SpanId and upstream/downstream tags to microservice logs, outlines its key features, multiple integration modes, configuration examples for Log4j and async logging, and shows how to use it with Spring Boot, Spring Native and task frameworks like XXL‑JOB.
After a Java system went live, a disk usage alert exceeding 90% prompted an investigation that uncovered a third‑party jar’s debug‑level Log4j configuration writing large logs to the root directory, and the issue was resolved by excluding the offending jar via Maven, highlighting the need for careful dependency management.
Effective logging is essential for debugging, performance monitoring, and compliance, and this guide explains why developers should adopt good logging habits, outlines key log purposes, requirements for readability, performance, storage, timeliness, levels, content, and format, and provides concrete Log4j examples and code snippets.
This article explains why logging is essential for maintainable software, outlines best‑practice guidelines for readable, performant, and secure log output, and details Log4j components, log level hierarchy, and practical macro examples for each level.
This article explains why proper logging is essential for software maintenance, outlines the purposes of logs, describes the requirements for readable, performant, and space‑efficient log output, and details Log4j components, log‑level hierarchy, and concrete code examples for TRACE, INFO, DEBUG, WARN, and ERROR logging.
Despite no major attacks yet, the DHS Cybersecurity Review Board’s latest report warns that the Log4j “nuclear‑level” vulnerability will likely be exploited for years, highlighting low current exploitation, indirect dependency risks, and urging academic cybersecurity training to strengthen future defenses.
This article explains the importance of proper logging in software, outlines common logging requirements such as readability, performance, disk usage, and timeliness, and details Log4j components, log level definitions, hierarchy, recommended usage, and provides concrete macro and log‑statement examples.
This article uses the 2021 Log4j vulnerability as a lens to explore the nature of open‑source software, its licensing, governance, security implications, and the benefits and responsibilities for individuals and enterprises participating in the open‑source world.
The 2022 Cloud‑Native Threat Report reveals a rise in Kubernetes‑targeted attacks, persistent supply‑chain threats in container images, and active exploitation of the Log4j zero‑day, underscoring the urgent need for specialized security measures in modern cloud‑native environments.
JetBrains announced that the IntelliJ platform will discontinue Log4j and adopt java.util.logging as the standard logging framework, providing migration steps, stub implementations, and security rationale for developers to update their plugins and codebases accordingly.
This article explains why proper logging is essential for software maintenance, outlines the purposes of logs, details best‑practice requirements such as readability, performance impact, disk usage and timeliness, and provides a comprehensive guide to Log4j components, log levels, their hierarchy, and practical code examples for each level.
JetBrains announced that the IntelliJ platform will discontinue Log4j usage, recommending java.util.logging as the standard logging framework, and provides detailed migration steps, security reasons, and version information for developers to adapt their plugins and dependencies.
Adobe released an emergency patch for a critical Magento zero‑day (CVE‑2022‑24086), JetBrains removed Log4j from the IntelliJ platform, and Google unveiled Android 13 "Tiramisu" with new privacy and UI enhancements, highlighting the industry's rapid response to security and usability challenges.
JetBrains announced the removal of Log4j from the IntelliJ platform in the 2022.1 release, explaining that the IDE’s minimal logging needs and Log4j’s complexity prompted the change, and offering plugin developers migration guidance to standard platform logging APIs, SLF4J, or java.util.logging alternatives.
The article details three Xianyu backend incidents where Full GC pauses caused latency spikes or outages, analyzes root causes ranging from survivor space shortage and mis‑tuned CMS to oversized async Log4j events and massive string‑concatenation logs, and presents remediation steps such as switching to G1GC, adjusting Log4j settings, and using parameterized logging to eliminate the pauses.
The Log4j 2.17.0 release still contains a medium‑severity vulnerability (CVE‑2021‑44832) in the JDBCAppender that allows remote code execution via JNDI, affecting versions up to 2.17.0, and can be mitigated by upgrading to the appropriate patched version for each Java runtime.
The article explains how JNDI works as a configuration and naming service in Java, shows its use with database drivers, and demonstrates how its SPI mechanism can be abused to load remote code, leading to serious security exploits such as the Log4j vulnerability.
Google Open Source Insights researchers examined every Maven Central package version, revealing that over 8% of Java packages are affected by Log4j, most through transitive dependencies, and highlighting the complex, multi‑step remediation required across deep dependency trees.
Apache Log4j 2.17.0 has been released, addressing CVE‑2021‑45105 and fixing recursive string‑replacement vulnerabilities that could cause StackOverflowError DoS attacks, while also tightening JNDI usage and correcting several configuration and appender issues, with recommended mitigation steps for earlier versions.
The Log4Shell (CVE-2021-44228) vulnerability in Apache Log4j, first reported on November 24, has triggered a global security crisis, affecting thousands of organizations, enabling rapid exploitation for crypto mining and data theft, and prompting massive attack volumes that rival historic flaws like Heartbleed and EternalBlue.
Apache Log4j 2.16.0 introduces default JNDI disabling, stricter protocol limits, and the removal of Message Lookups to harden security, and Spring Boot users can upgrade by globally adjusting the log4j2 version, with detailed steps illustrated in the accompanying image.
Apache Log4j 2.16.0 has been released, offering updated SLF4J adapters, disabling JNDI by default to mitigate CVE‑2021‑44228, removing message lookups, and requiring Java 8+, with detailed upgrade instructions and links to download and issue trackers.
On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.
The Log4Shell (CVE‑2021‑44228) zero‑day in the widely used Log4j library lets attackers execute remote code without authentication, prompting massive internet‑wide scans, crypto‑mining malware, and threats to critical infrastructure, while open‑source maintainers struggle with limited support despite adoption by giants like Apple and Microsoft.
The article explains the severe Apache Log4j 2 remote code execution flaw affecting versions up to 2.14.1, outlines its impact on Java applications, and provides both permanent upgrade steps and urgent workarounds to protect systems from exploitation.
The article explains the Log4j 2 remote code execution vulnerability affecting versions up to 2.14.1, describes its impact, lists affected components, and provides both permanent upgrade instructions and urgent mitigation steps such as JVM flags, configuration changes, and environment variable settings.
Apache Log4j 2’s recursive lookup flaw enables remote code execution without special configuration, affecting versions up to 2.14.1; the article outlines the vulnerability’s impact, affected components, and provides both permanent fixes—upgrading to 2.15.0‑rc2—and urgent mitigation steps such as JVM flags and environment variable changes.
This guide explains how MyBatis initializes its logging factory, shows how to add SLF4J and Log4j dependencies, configure SimpleLogger properties, resolve multiple SLF4J bindings, and switch the logging implementation via mybatis-config.xml and log4j.properties, with full code examples and sample output.
This article explains Java logging fundamentals, the purpose of each log level, practical best‑practice guidelines, and how to implement a custom Logback appender that injects request IDs for effective distributed debugging and seamless ELK integration.
This article explains Java logging fundamentals, the four standard log levels, practical best‑practice guidelines, and how to implement a custom Logback appender that injects a request ID for better traceability in distributed systems using ELK and Kafka.
This article explains the evolution, relationships, and dependencies of Java logging frameworks such as JCL, SLF4J, Log4j, Logback, and JUL, and provides practical guidance on configuring and unifying logging output across projects, including common pitfalls and adapter usage.
This article explains the evolution and inter‑relationships of Java logging libraries such as Log4j, JUL, JCL, SLF4J and Logback, shows how to configure adapters to unify logging across frameworks, addresses common runtime issues, and provides coding‑style recommendations for consistent log output.
This article explains the evolution and relationships of Java logging libraries, shows how to resolve common issues like missing logs or jar conflicts, and provides practical guidance for configuring unified logging across frameworks such as SLF4J, Logback, Log4j, and Spring.
This guide explains the relationships and dependencies among Java logging frameworks such as Log4j, SLF4J, Logback, and JUL, shows how to resolve common issues like missing logs or jar conflicts, and provides practical steps to unify logging output across different modules and libraries.
This article explains the adapter pattern, illustrates its role in SLF4J by analyzing the Logger interface, Log4jLoggerAdapter, and related factory code, compares object and class adapters, and discusses the pattern's advantages and drawbacks in Java logging frameworks.
This article surveys the major Java logging frameworks—including Log4j, Log4j2, Logback, SLF4J, J.U.L, and Jakarta Commons Logging—explains their histories, architectural differences, typical use‑cases, and provides practical guidance for selecting the most suitable option for new projects.
This article explains how to configure logging in Spring Boot, covering supported versions, log levels, available logging frameworks, default Logback setup, code usage with Lombok, customizing log levels, directing output to files, formatting patterns, and detailed Logback XML configuration.
The article details how a SaaS application's intermittent slowdown was traced to a Log4j logger lock contention issue, discovered via thread dumps and an online analysis tool, and resolved by migrating from the unmaintained Log4j 1.x to Log4j2.
An intermittent slowdown in a Java SaaS app, even during low traffic, was traced to a Log4j locking bug that blocked hundreds of threads; capturing a thread dump, analyzing it with fastthread.io, and upgrading to Log4j2 resolved the issue.
This tutorial demonstrates how to configure Log4j for simulated logging, collect the logs with Flume, forward them to Kafka via a Flume KafkaSink, and finally consume the stream using Spark Streaming, providing a complete end‑to‑end big‑data pipeline example.
This guide demonstrates how to generate Log4j logs in Java, configure Maven dependencies, set up log4j properties, launch Kafka and Flume agents, and process the streamed data in real time using Spark Structured Streaming for a complete big‑data logging pipeline.
This article explains the importance of logging in Java web applications, reviews the most popular logging frameworks, introduces the concept of a logging facade, and shows why using SLF4J (or similar facades) is the best practice to reduce coupling and simplify future framework changes.
This article provides a detailed overview of Java logging frameworks—including Log4j, Log4j 2, Commons Logging, SLF4J, Logback, and JUL—covers their history, relationships, implementation mechanisms, practical selection guidelines, SLF4J usage patterns, source‑code analysis, bridge solutions for legacy APIs, and strategies for excluding unwanted logging dependencies.
The article discusses common challenges with missing logs in production, proposes practical solutions such as adding machine identifiers via Nginx headers and embedding user information with Log4j's MDC, and outlines concise logging guidelines to improve traceability and performance analysis for Java backend systems.
A production Elasticsearch 5.3.2 cluster showed a persistent 80% heap usage due to a hidden memory leak caused by Log4j thread‑local objects retaining large bulk request data, and the article walks through the investigation, heap‑dump analysis, source‑code tracing, and a practical fix using a JVM flag.
The article explains how Dubbo's standalone service container loads optional Spring, Jetty, and Log4j modules, details their configuration properties, demonstrates various startup methods, and provides a complete Java implementation of the SpringContainer with start and stop logic, followed by a test main class.
This article provides a comprehensive overview of the major Java logging frameworks—including Log4j, Log4j2, Commons Logging, SLF4J, Logback, and JUL—covers their history, relationships, implementation mechanisms, and offers practical guidance on selecting and integrating them in projects.
This article provides a comprehensive guide to Java logging frameworks, detailing the roles of SLF4J, Log4j, Logback, and Log4j2, comparing their architectures, showing how to configure each with XML files and Maven dependencies, and offering practical code examples and troubleshooting tips.
This article explains the purpose of each log level, when to write logs, performance impacts, and concrete best‑practice patterns for INFO, DEBUG, WARN and ERROR in Java applications, providing actionable templates and configuration tips to build a robust logging system.
This article explains how Log4j creates and organizes Logger instances into a hierarchical graph, illustrates the role of the root logger, details level definitions and inheritance, and shows practical XML configurations for unified and isolated logging across modules.
The article explains the design, implementation, and operational benefits of a middleware component that dynamically adjusts log levels in Java services, helping large‑scale delivery platforms balance comprehensive debugging information with system performance and avoid catastrophic failures during peak traffic.
This article explains how to centralize Java application logs by configuring Log4j's JMSAppender to send log events to an ActiveMQ broker, demonstrates project setup with Maven, shows Spring integration, and provides detailed code examples and troubleshooting steps for reliable remote logging.
