[jboss-user] [Installation, Configuration & Deployment] - Re: Deployed application steals logging from JBoss. How to p

zbiggy do-not-reply at jboss.com
Fri Dec 4 05:29:23 EST 2009


I do not know the app - this is only binary code. What I see is that it deploys its own log4j and uses these properties for logging:

log4j.rootCategory=ERROR, CONSOLE,MYLOG

log4j.appender.CONSOLE=org.apache.log4j.ConsoleAppender
log4j.appender.CONSOLE.Threshold=ERROR
log4j.appender.CONSOLE.layout=org.apache.log4j.PatternLayout
log4j.appender.CONSOLE.layout.ConversionPattern=%d{dd/MM/yy HH:mm:ss} %5p [%t] (%F:%L) - %m%n

log4j.appender.MYLOG=org.apache.log4j.DailyRollingFileAppender
log4j.appender.MYLOG.DatePattern='_'yyyyMMdd'.log'
log4j.appender.MYLOG.File=server/default/log/mylog.log
log4j.appender.MYLOG.Append=true
log4j.appender.MYLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.MYLOG.layout.ConversionPattern=%d{dd/MM/yy HH:mm:ss} %5p [%t] (%F:%L) - %m%n


JBoss logs must not be affected by any deployed application. If there are no configuration changes which can protect against such hostile behaviour, this is a security bug in JBoss. Before I start looking at how to file a bug report to JBoss, I would like to make sure there is no known protection in JBoss.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4268957#4268957
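
Added example, not part of the original post and not JBoss code: a Python check an administrator could run over a deployment archive before deploying it, to see whether it bundles its own log4j jar or a log4j.properties that sets the root logger or file appenders, as the post describes. The function names, finding labels and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

ROOT_KEYS = ("log4j.rootCategory", "log4j.rootLogger")
ARCHIVE_EXT = (".war", ".ear", ".jar", ".sar")

def parse_properties(text):
    """Minimal .properties parser: key=value lines, comments skipped."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def audit_archive(data, name="deployment", findings=None):
    """Recursively scan archive bytes; return (kind, path, value) tuples."""
    findings = [] if findings is None else findings
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            base = entry.rsplit("/", 1)[-1].lower()
            path = f"{name}!/{entry}"
            if re.fullmatch(r"log4j.*\.jar", base):
                findings.append(("bundled-log4j-jar", path, ""))
            elif base == "log4j.properties":
                props = parse_properties(zf.read(entry).decode("latin-1"))
                for key in ROOT_KEYS:
                    if key in props:  # app reconfigures the root logger
                        findings.append(("root-logger-override", path, props[key]))
                for key, value in props.items():
                    if re.fullmatch(r"log4j\.appender\.[^.]+\.File", key):
                        findings.append(("file-appender", path, value))
            elif base.endswith(ARCHIVE_EXT):  # nested WAR/JAR inside an EAR
                try:
                    audit_archive(zf.read(entry), path, findings)
                except zipfile.BadZipFile:
                    pass  # not a readable archive; nothing to inspect
    return findings

def build_sample_war():
    """Constructed sample: a WAR carrying two of the post's properties."""
    props = ("log4j.rootCategory=ERROR, CONSOLE,MYLOG\n"
             "log4j.appender.MYLOG.File=server/default/log/mylog.log\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("WEB-INF/lib/log4j.jar", b"")  # placeholder jar, empty
        zf.writestr("WEB-INF/classes/log4j.properties", props)
    return buf.getvalue()
```

Calling `audit_archive(build_sample_war(), "app.war")` reports the bundled jar, the root logger override and the file appender path, so a reviewer can see which deployment carries its own logging configuration.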
