How can log4j be used to create audit logs in opensearch 2.0.1?

asked 2021-07-02 11:00:00 +0000

answered 2021-05-09 23:00:00 +0000

To use log4j to create audit logs in OpenSearch 2.0.1, you can follow the steps below:

  1. Add the following dependency to your pom.xml file:

  1. Create a file with the configuration to create your audit logs. Here is an example configuration for creating audit logs:
# Define the appender to write audit logs
appender.audit.type = RollingFile = AuditLog
appender.audit.fileName = /path/to/audit.log
appender.audit.filePattern = /path/to/audit-%d{yyyy-MM-dd}-%i.log.gz
appender.audit.layout.type = PatternLayout
appender.audit.layout.pattern = %d{yyyy-MM-dd HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n
appender.audit.policies.type = Policies
appender.audit.policies.time.type = TimeBasedTriggeringPolicy
appender.audit.policies.time.interval = 1
appender.audit.policies.size.type = SizeBasedTriggeringPolicy
appender.audit.policies.size.size = 100MB
appender.audit.strategy.type = DefaultRolloverStrategy
appender.audit.strategy.max = 10

# Define the logger to use the appender to create audit logs = auditLogger
logger.audit.level = info
logger.audit.appenderRefs = audit
logger.audit.appenderRef.audit.ref = AuditLog
  1. Load the log4j configuration file in your OpenSearch application:
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.core.LoggerContext;


// Load log4j configuration file
LoggerContext context = (LoggerContext) LogManager.getContext(false);
context.setConfigLocation(new File("/path/to/").toURI());
  1. Use the audit logger to create logs in your application:
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;


// Create audit logger
private static final Logger AUDIT_LOGGER = LogManager.getLogger("auditLogger");


// Log a message"User login successful: {}", username);

This will write audit logs to the /path/to/audit.log file with a maximum size of 100MB, and rotate the logs daily up to a maximum of 10 files. You can customize the configuration to meet your specific requirements.

