>Mark Benedetto King <mbk@lowlatency.com> wrote:
> My guess is that your complex Java application
> actually
> has two logging facilities:
>
> 1.) Application-level audit-logging of things like
> "user
> logged in", "user logged out", "user changed
> password", and
> perhaps even "user ran report Foo with criteria
> Bar".
>
[...]
>
> If your application doesn't have this, it probably
> isn't SOX compliant.
Huh?
> 2.) log4j, for troubleshooting, monitoring,
> debugging,
> tuning, etc.
In the last three or four java apps our shop rolled
out, we used log4j exclusively for logging purposes.
At least a couple of the third-party library does the
same, hence everyhing gets into the same log file, in
the same format and under the same log-level regime.
If we suspect a bug (in our software or third-party
software) we increase the log level and start
analysing - in addition to debugging, etc, of course.
> log4j is great at (2), it's not-so-great at (1),
> especially in environments where the audit trail
> is extremely important (think SOX compliance).
Audit trails and technical logging has absolutely
nothing to do with each other. Audit trails belong in
a database you take backup of. Technical log entries
belong in a disposable file.
IMHO.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Wed Jul 13 23:04:27 2005