This guide explains how to generate a unique traceId for each request, propagate it through REST, MQ, and RPC modules, and configure Log4j2 to include the traceId in log output, enabling clear end‑to‑end request tracing in a Spring Boot project.
This guide explains how to replace Spring Boot's default Logback with Log4j2, covering Maven dependency changes, XML/YAML configuration, Java usage examples, advanced options like environment-specific files and asynchronous logging, and common troubleshooting tips.
This article explains how to eliminate manual logging of user and order identifiers in Java e‑commerce services by using Log4j2 placeholders, ThreadLocal, MDC, a custom @UserLog annotation, and Spring AOP to automatically enrich log messages with these contextual fields.
After a recent deployment, a Java service began experiencing over five Full GC events per minute, traced to Log4j2’s thread‑local buffer misconfiguration and a -XX:PretenureSizeThreshold setting that forced large StringBuilder objects directly into the old generation, leading to memory pressure and frequent Full GCs.
This article explains how to generate a unique traceId at request entry, propagate it through Rest, MQ, and RPC modules using Log4j2, MDC, and custom converters, and format logs so that distributed traces become easily readable and correlated across services.
This article examines Log4j2 asynchronous logging bottlenecks, explains the underlying Disruptor queue mechanics, identifies root causes of thread blocking, and presents practical strategies—including queue tuning, log classification, bytecode instrumentation, and IDE plugins—to achieve fine‑grained, performant log control.
This article walks through a practical approach to generate a unique traceId at request entry, propagate it through REST, RocketMQ, and Dubbo RPC modules, and configure Log4j2 to print the traceId so that logs from different services can be correlated into a single request chain.
Log4j2’s asynchronous logging can cause thread blocking when the Disruptor ring buffer fills, a problem explored through its architecture, root causes, and practical mitigation strategies such as dual‑track log classification, bytecode‑enhanced line‑level control, Maven plugins, and IDE integrations for dynamic log management.
This article examines the causes of Log4j2 asynchronous logging blockage in high‑throughput Java services, explains the underlying Disruptor mechanics, and proposes a dual‑track logging architecture with compile‑time bytecode enhancement and IDE plugins for line‑level log activation.
This article explains how to generate a unique traceId for each request, propagate it through Rest, RocketMQ, and Dubbo RPC modules, and configure Log4j2 (including custom Message, MessageFactory, and PatternConverter) to output the traceId so that logs across services can be correlated and read sequentially.
This article explains how to generate a unique traceId at request entry and propagate it through Rest, MQ, and RPC modules using Log4j2, MDC, and custom converters, enabling clear, linked log output across the entire request chain.
The article explains why logging is essential for problem tracing, status monitoring, and security auditing, introduces Log4j, Log4j2, and Logback components and configuration files, demonstrates usage with Maven dependencies and code snippets, evaluates their synchronous and asynchronous performance, and offers practical recommendations for production environments.
This article explains how to introduce a unique traceId for request tracing across Rest, MQ, and RPC modules using Log4j2, custom message factories, converters, and AOP, enabling clear, linked logs throughout the service chain.
This article presents a detailed case study of a severe service outage caused by Log4j2 asynchronous logging bottlenecks, explains step‑by‑step diagnostics of JVM, disk, and RingBuffer metrics, and demonstrates how adjusting log4j2.asyncQueueFullPolicy and log4j2.discardThreshold dramatically improves recovery time during load testing.
This article analyzes a severe service‑availability drop caused by Log4j2 asynchronous logging bottlenecks, explains how configuring log4j2.asyncQueueFullPolicy=Discard and log4j2.discardThreshold=ERROR mitigates the issue, details the investigation steps, performance tests, and provides practical recommendations for robust backend logging.
This guide explains why System.out.println is unsuitable for production, compares Java logging frameworks such as Log4j2, Logback and SLF4J, shows how to integrate them with code and Lombok, and provides comprehensive best‑practice recommendations on log levels, formatting, volume control, rolling policies, asynchronous logging and log aggregation.
This guide explains why logging is essential for Java applications, compares popular logging frameworks such as Logback, Log4j2, and SLF4J, shows how to integrate them with Spring Boot, and provides concrete best‑practice recommendations for levels, formatting, async handling, rotation, and security.
The article investigates a severe performance bottleneck in a Java service caused by massive async Log4j2 logging, analyzes the Disruptor‑based async logger, explores JNI stack‑trace overhead, reproduces the issue with benchmarks, and provides practical recommendations to eliminate the slowdown.
This article provides a comprehensive analysis of how Spring Boot integrates Log4j2 (and Logback), detailing the internal logging architecture, configuration options, initialization flow, logger groups, and how to perform hot updates of logger levels via the LoggersEndpoint or custom APIs.
This article provides a comprehensive analysis of how Spring Boot 2.7.2 works with Log4j2 2.17.2, covering Log4j2's core components, Spring Boot's logging configuration options, the internal startup sequence, the LoggersEndpoint for runtime level changes, and custom hot‑update techniques, all illustrated with code snippets and diagrams.
This article explains how to use SLF4J as a facade for Logback or Log4j2, shows Maven dependencies, demonstrates logback.xml and logback‑spring.xml configurations, covers Spring Boot's default logging setup, custom log levels, profile‑based settings, and how to switch to Log4j2 for higher performance.
This article explains why Java logging can become a performance bottleneck, identifies common misuse patterns, and provides practical steps—such as dynamic log levels, avoiding string concatenation, selective location info, and cautious async logging—to dramatically improve throughput and latency.
This article compares the performance of Log4j2 and Logback in Java, explains their relationship with SLF4J, presents benchmark results under various thread counts, and provides detailed configuration and usage guidelines for both Spring Boot and plain Java projects.
This article explores Java logging performance by analyzing the logging pipeline, presenting measurements of log size impact, and offering concrete optimization techniques such as reducing log payload, compressing logger and exception output, using asynchronous logging, and configuring rolling files to minimize both visible business overhead and hidden system costs.
This article analyzes a performance bottleneck caused by synchronous Log4j2 logging, demonstrates how converting to asynchronous logging with AsyncLogger or AsyncAppender dramatically reduces response time, increases TPS, and lowers CPU usage, and provides detailed configuration examples and best‑practice guidelines.
This article explains why logging is crucial in software development, introduces the standard log levels, reviews popular Java logging libraries such as Log4j, Logback and SLF4J, demonstrates their configuration and usage, compares their features, and highlights the Facade design pattern that underlies SLF4J.
The study evaluates log4j2 and logback performance, recommends asynchronous logback for high‑concurrency workloads, demonstrates latency reductions in a production service, and introduces a TraceContext‑based flag to share logging state across micro‑services, cutting daily log volume by ~80 % and easing distributed system overhead.
This article explains the Log4j2 vulnerability, demonstrates step‑by‑step exploitation using malicious payloads and LDAP servers, and provides practical mitigation measures including version upgrades and JVM configuration changes to protect Java applications.
Facing massive log volume in JD.com’s shopping cart service, we reduced disk consumption, CPU load, and improved request latency by applying Log4j2 log level filtering, asynchronous logging with AsyncLogger, and TTL‑based thread‑local context propagation, while providing detailed metrics, configuration steps, and best‑practice recommendations.
This article examines how excessive logging, AsyncAppender queue saturation, JVM reflection optimizations, and Lambda class loading can cause thread blocking in Log4j2, analyzes root causes with code examples, and provides practical guidelines and best‑practice configurations to prevent performance degradation in high‑throughput Java services.
The article examines how Log4j2’s AsyncAppender can block threads when its default 128‑entry queue fills, because creating LogEvent snapshots triggers ThrowableProxy parsing that loads reflective and lambda‑generated classes, causing class‑loader bottlenecks, and recommends custom async appenders, disabling reflection inflation, using synchronous loggers, and proper configuration to avoid these delays.
This article demonstrates how to create a Spring AOP request‑logging aspect that captures IP, URL, HTTP method, class method, parameters, results and execution time, and extends it with high‑concurrency handling, error logging, and TraceId propagation for better traceability.
This article presents a comprehensive approach to optimizing Log4j2 logging in high‑traffic Java services by reducing disk and CPU consumption through log level control and pattern tuning, adopting asynchronous logging, and enabling end‑to‑end request traceability using ThreadLocal, TransmittableThreadLocal, and MDC techniques, supported by performance test results and practical recommendations.
The FTC urges companies to urgently patch Log4j2 (CVE‑2021‑44228) after a month of attacks by state‑backed hackers, warning of massive data leaks, financial loss, and potential lawsuits, while highlighting past cases like Equifax’s $700 million settlement.
This article outlines the Log4j2 security vulnerability, notes that Logback shares the same flaw, and provides comprehensive remediation advice—including upgrading to Log4j2 2.17, coordinating development and security teams, testing environments, JDK updates, and consulting professional security services.
Learn how to replace Spring Boot 2.x's default Logback logging with the high‑performance Log4j2 by adding the starter dependency, configuring the logging file, and setting up a basic log4j2.xml, including code snippets and troubleshooting tips for a smooth migration.
The article explains the Log4j2 remote code execution flaw caused by unsafe JNDI lookups, outlines its widespread impact on Java applications and major Chinese tech firms, and provides concrete emergency mitigation steps such as JVM parameter changes, firewall rules, and upgrading to version 2.17.0.
The Chinese Ministry of Industry and Information Technology suspended Alibaba Cloud for six months after the company failed to promptly report a critical Log4j2 vulnerability, highlighting the importance of timely disclosure and compliance with national cybersecurity regulations.
The Chinese cybersecurity authority has suspended Alibaba Cloud’s partnership for six months after the company discovered a critical Log4j2 vulnerability but failed to promptly report it, highlighting gaps in vulnerability disclosure and threat‑management processes.
This article introduces Apache Log4j2, explains the remote code execution vulnerability caused by unsafe JNDI lookups, provides step‑by‑step environment setup, PoC code, exploitation instructions, and outlines official patches and temporary mitigation measures for developers and security engineers.
The article examines the high‑profile Log4j2 vulnerability, exposes the unpaid volunteer model behind many open‑source projects, and argues that companies must pay for the software they rely on to create a sustainable ecosystem for maintainers.
This article explains the Log4j2 remote code execution vulnerability, its affected versions, how to set up a test environment, detailed exploit code examples, and recommended mitigation measures including upgrades and JVM configuration changes.
Log4j2 2.17.0 fixes the critical CVE‑2021‑45105 vulnerability affecting versions up to 2.16.0, and the article explains the flaw, provides Maven upgrade instructions, and offers temporary mitigation steps for environments that cannot upgrade immediately.
Using LGTM’s online CodeQL scanner, the author demonstrates how a 2020 CWE‑074 rule can automatically detect a Log4j2 0‑day vulnerability, explains the rule’s data‑flow logic, and provides step‑by‑step instructions for scanning open‑source projects and responsibly handling discovered exploits.
The article examines the high‑profile Log4j2 vulnerability, exposes the unpaid labor of open‑source maintainers, and argues that sustainable funding models and corporate‑maintainer contracts are essential for the long‑term health of critical open‑source projects.
This article examines the Log4j2 critical vulnerability, explains why merely having log4j‑api does not guarantee exposure, demonstrates step‑by‑step reproduction in a Spring Boot project, analyzes the JNDI injection mechanism, and outlines temporary mitigations and official fixes.
This article explains the critical Log4j2 remote code execution vulnerability, offers JD Cloud's free online scanning service, details rapid defense measures using Web Application Firewall and Starshield, and provides step‑by‑step mitigation and upgrade recommendations to protect Java applications.
The Log4j2 remote code execution flaw is hard to contain because it enables arbitrary code execution and hides its traffic signatures, but Runtime Application Self‑Protection (RASP) can detect malicious behavior at the application level, offering low false‑positives and automatic component discovery without relying on constantly updated rules.
This article explains what Apache Log4j2 is, details the remote‑code‑execution vulnerability affecting versions 2.0 to 2.14.1, provides the official patch link, and lists practical temporary mitigation steps for developers and operators.
The Log4j2 flaw, a low‑cost, high‑impact Java logging vulnerability, has exposed tens of thousands of open‑source components and over 70% of enterprise systems, prompting massive remediation efforts and highlighting the urgent need for robust security support.
This guide explains four remediation methods for the Log4j2 security flaw in Dble, including upgrading to Log4j2 2.16.0, adding a configuration property, adjusting JVM parameters for older versions, and setting a system environment variable, with detailed step‑by‑step instructions and code snippets.
The article explains the massive impact of the Log4j2 remote code execution vulnerability, details why its JNDI lookup is easily exploitable, lists affected software, and provides a concise four‑step guide using Alibaba Cloud ARMS RASP to detect, monitor, and block attacks while offering remediation recommendations.
This article explains the fundamentals of Java Naming and Directory Interface (JNDI), its architecture and typical usage, then walks through a step‑by‑step RMI implementation and demonstrates how JNDI can be abused to craft a Log4j2 remote code execution attack, complete with full code samples and mitigation advice.
This article breaks down the widely publicized Log4j2 (Log4Shell) flaw, explaining the underlying JNDI and LDAP lookup mechanisms, how malicious payloads are executed through log messages, the massive impact across Java ecosystems, and the steps needed to remediate the issue.
The article explains the severe Log4j2 remote‑code‑execution vulnerability affecting versions 2.0 to 2.14.1, provides the official patch link, and lists practical temporary mitigation steps such as JVM flags, configuration changes, environment variables, and network isolation to protect Java applications.
A critical remote code execution vulnerability in Apache Log4j2, exposed through JNDI injection, has impacted major services worldwide, prompting urgent patches, temporary mitigations, and ongoing updates from the Apache project to protect vulnerable Java applications.
The Log4j2 remote code execution vulnerability (CVE‑2021‑44228, CNVD‑2021‑95914) affects all Java‑based applications from version 2.0 to 2.15.0‑rc1, allowing unauthenticated attackers to execute arbitrary code, and requires immediate inventory, patching, and hardening measures across all affected systems.
This article provides an in‑depth overview of Apache Log4j2, comparing it with Logback and Log4j 1, highlighting its superior asynchronous performance, zero‑GC operation, flexible configuration formats, rich appender ecosystem, and practical code examples for Maven integration, XML setup, and advanced logging techniques.
This guide walks you through setting up a complete log‑collection and visualization pipeline—preparing servers, configuring a SpringBoot application with Log4j2, routing logs to Kafka, harvesting them with Filebeat, processing with Logstash, and finally visualizing in Elasticsearch and Kibana.
This tutorial walks through the end‑to‑end setup of a logging pipeline that starts with a SpringBoot application using Log4j2, forwards logs to Kafka, collects them with Filebeat, processes them via Logstash, and finally visualizes them in Elasticsearch and Kibana, covering server preparation, configuration files, and essential code snippets.
This tutorial walks through preparing servers, configuring a SpringBoot project with Log4j2, setting up Kafka, Filebeat, and Logstash to collect and parse logs, and finally visualizing them in Elasticsearch and Kibana, providing a full end‑to‑end logging solution.
This article explains how to protect sensitive information in Spring Boot applications by encrypting configuration files with jasypt‑spring‑boot, masking API response fields using a custom Jackson annotation, and filtering log output with a custom Log4j2 PatternLayout, providing complete code examples for each method.
During development of the DCS_FunTester framework a custom servlet filter logged each HTTP request twice because Spring automatically registered an implicit filter with a lowercase bean name, and overriding the filterName resolved the duplicate logging issue.
This step‑by‑step guide shows how to configure a Spring Boot application with Log4j2, ship logs via Filebeat to Kafka, process them with Logstash, and visualize the data in Elasticsearch and Kibana, covering server setup, Maven dependencies, configuration files, and deployment commands.
This article explains how Log4j2's RollingFileAppender works, covering the concepts of rollover, the various TriggeringPolicy options, DefaultRolloverStrategy behavior, DeleteAction configuration, and provides sample XML configurations and a Java demo to illustrate time‑based, size‑based, and composite rollover scenarios.
This article explains how SLF4J’s Mapped Diagnostic Context (MDC) leverages ThreadLocal to embed trace and span identifiers into log messages, demonstrates configuring log4j2 patterns, shows code for injecting and clearing MDC values during span lifecycle, and addresses MDC propagation in asynchronous threads using Transmittable ThreadLocal.
In a high‑concurrency Java service, occasional request timeouts were traced to long pauses between log entries, leading to an investigation that revealed frequent JVM stop‑the‑world events caused by GC, safepoint‑related biased‑lock revocations, and Log4j2 locking issues.
This article explains how Log4j2's RollingFileAppender works, covering the roles of TriggeringPolicy and RolloverStrategy, showing various filePattern configurations, detailing the DefaultRolloverStrategy max parameter, introducing DeleteAction for custom file cleanup, and providing Java demo code and test configurations.
This article explains how malicious newline characters in logged usernames can cause log injection, demonstrates a simple input‑sanitizing method, shows how to use Log4j2's %enc{%m}{CRLF} pattern and a custom ThrowablePatternConverter to ensure all log messages and exception stacks remain on a single safe line.
Log4j2, the modern successor to Logback and Log4j 1, offers dramatically superior asynchronous performance, zero‑GC operation, flexible configuration formats, powerful parameter formatting, lazy logging via lambdas, and extensive appender support, making it the top choice for Java logging in high‑throughput applications.
This article compares Log4j2 with older Java logging frameworks, highlighting its superior asynchronous performance, zero‑GC design, flexible parameter formatting, simplified configuration options, and practical usage examples, ultimately showing why it should replace Logback and Log4j1 in modern applications.
The article describes a macOS JDK bug where calls to java.net.InetAddress.getLocalHost() cause a 5‑second (or longer) delay during application startup, explains the investigation steps, and provides three practical fixes including hosts file modification, interface aliasing, and JDK upgrade.
This article describes how to programmatically configure Log4j2's LoggerContext to separate middleware logs into dedicated files, encapsulate the setup in a shared jar, expose a logger retrieval API, and integrate it into middleware components, reducing business log interference and storage costs.
This article describes how the architecture team packages a unified log4j2.xml into a common JAR, uses sys system variables for customizable parameters, and maps SpringBoot application.yml settings to those variables via a custom EnvironmentPostProcessor, enabling developers to configure logging with minimal effort.
This tutorial introduces Docker, walks through installing it on CentOS, demonstrates pulling a Java image, creating a Spring Boot project with Docker Maven plugin, building and running the container, and shows how to view container and Log4j2 logs.
This article investigates why using Log4j2's ConsoleAppender can block business threads, analyzes thread stack traces and performance bottlenecks, and demonstrates how switching to AsyncLogger with Disruptor dramatically improves logging throughput and eliminates service deadlocks.
This article revisits a previous logback configuration test, expands the sample size and repeats the measurements using JMeter, JProfile, and New Relic APM to compare synchronous and asynchronous logging in Logback and Log4j2, revealing that asynchronous logging reduces log latency but only marginally improves overall TPS, while Log4j2’s async implementation can boost TPS up to six times.
This tutorial explains how to install Docker on CentOS, pull a Java image, create and configure a Spring Boot project, write a Dockerfile, build the Docker image with Maven, run the container, and view both console and Log4j2 file logs inside the container.
This article explains how to seamlessly replace Spring Boot's default Logback logging framework with alternatives like Log4j2 by leveraging the SLF4J facade, covering version requirements, dependency management, configuration files, and detailed XML examples for various log levels.
The article explains how Log4j2 can cause thread blocking under heavy exceptions due to class‑loading locks, describes the JVM's reflection optimization mechanism, shows how to verify it with sample code, and outlines ways to disable or tune the optimization using system properties.
Through extensive JMeter and APM testing on a 6‑core, 8 GB server, this article reveals that switching Logback from synchronous to asynchronous logging yields minimal TPS improvement, explains why, and demonstrates that Log4j2’s async implementation can achieve up to six‑fold performance gains.
This guide explains how to use the Arthas logger command to change Java logger levels on‑the‑fly without restarting the JVM, demonstrates a complete Log4j2 XML configuration, and provides a runnable Java example that continuously emits logs at various levels.
The author recounts attempting to upgrade from Log4j to Log4j2 due to lack of asynchronous support, discovers that Log4j2 does not accept properties files, switches to XML configuration, and eventually realizes asynchronous logging may not be necessary, illustrated with a screenshot.
This article explains what a Java ClassLoader is, details its core APIs such as defineClass, findClass, loadClass, and findResource, describes the parent‑delegation model, and demonstrates how custom ClassLoaders can be used for class isolation in Java agents, illustrated with real‑world log4j2 pitfalls and solutions.
After weeks of investigation, this post details how intermittent request timeouts in a high‑concurrency Java service were traced to frequent JVM stop‑the‑world pauses caused by GC, safepoint logging, biased lock revocation, and Log4j2’s synchronous logging, and outlines the steps taken to diagnose and resolve the issue.
This guide explains how Mica-Log4j2 provides environment‑specific log configurations, high‑throughput asynchronous logging via Disruptor, replaces System.out/err in non‑dev modes, and shows Maven/Gradle dependencies, system settings, custom log levels, file structures, and open‑source resources for Spring Boot applications.
An in‑depth performance comparison of Logback and Log4j2 shows how asynchronous logging and the Disruptor queue dramatically improve throughput, with benchmark data across various hardware, configuration tips, and a look at underlying queue implementations such as ArrayBlockingQueue versus Disruptor.
This article provides a comprehensive guide to Java logging frameworks, detailing the roles of SLF4J, Log4j, Logback, and Log4j2, comparing their architectures, showing how to configure each with XML files and Maven dependencies, and offering practical code examples and troubleshooting tips.
This article presents a design for a transparent, flexible, and low‑resource distributed logging solution that uses Lucene for indexing, Apache Ignite for service and compute grids, and a custom Log4j2 appender, enabling fast, unified log queries across clustered applications.
