How to Protect Your Logs with immudb and Log4j
Logs play a big role in understanding the behavior of software systems. They offer a comprehensive record of events, ...
Logs play a big role in understanding the behavior of software systems. They offer a comprehensive record of events, errors, and operational metrics, making it easier to diagnose issues, optimize performance, and ensure the smooth functioning of applications. However, while storing logs is crucial, ensuring their security and integrity is even more important. Tamperproof logs protect against unauthorized access and modifications, preserving the authenticity and reliability of the logged data.
In this post, we'll guide you through the process of securing your logs using the immudb-log4j-appender
, a plugin designed for the popular Log4j Java logging framework. This plugin enables you to automatically send logs to immudb and immudb vault, ensuring their security and tamper-resistance.
Setting Up and Configuring the Appender
Before you can start securing your logs, ensure that your project is configured with the necessary dependencies. Once that's in place, configuring Log4j to send logs to immudb or immudb vault is straightforward. Below is a sample configuration to help you get started:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
<Appenders>
<Console name="ConsoleAppender" target="SYSTEM_OUT">
<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n"/>
</Console>
<ImmudbAppender
name="ImmudbAppender"
storage="immudb"
host="localhost"
port="3322"
username="immudb"
password="immudb"
database="defaultdb"
table="log4j_logs"
/>
<!-- or, if you want to send logs to immudb vault -->
<ImmudbAppender
name="ImmudbAppender"
storage="immudb-vault"
writeToken="<your-immudb-vault-write-token>"
/>
</Appenders>
<Loggers>
<Root level="debug">
<AppenderRef ref="ImmudbAppender"/>
<AppenderRef ref="ConsoleAppender"/>
</Root>
</Loggers>
</Configuration>
Key Points of the Configuration:
- Console Appender: This is a standard appender that outputs logs to the console. It's helpful for real-time monitoring.
- Immudb Appender: This appender is responsible for sending your logs to immudb. You need to configure the connection details like the host, port, username, and database.
- Immudb Vault Appender: If you prefer to use immudb vault for added security, you can configure this appender by providing your immudb vault write token.
Fetching Stored Logs
After your logs are securely stored, you can retrieve them using either immudb vault’s HTTP API or immudb’s SQL-like query language. Below are some examples of how to fetch logs based on different criteria.
1. Retrieving Logs with a Specific Level
If you want to filter logs by a specific severity level, such as INFO
, you can use the following commands:
- immudb Vault:
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search'
-H 'accept: application/json'
-H 'X-API-Key: <your-write-token>'
-H 'Content-Type: application/json'
-d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "level", "operator": "EQ", "value": "INFO"}]}]}}
- immudb:
SELECT data FROM log4j_logs WHERE data->'level' = 'INFO';
2. Filtering Logs by Timestamp
To filter logs based on a specific time period, you can query immudb or immudb vault using the following commands. Replace 1723293743
with your desired epoch timestamp.
- immudb Vault:
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search'
-H 'accept: application/json' -H 'X-API-Key: <your-write-token>'
-H 'Content-Type: application/json'
-d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "instant.epochSecond", "operator": "GT", "value": 1723293743}]}]}}
- immudb:
SELECT data FROM log4j_logs WHERE data->'instant'->'epochSecond' > 1723293743;
3. Selecting Logs Containing a Specific Message
If you need to find logs that contain a specific message or text pattern, the following queries will help. This is especially useful for tracking specific events or errors.
- immudb Vault:
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search'
-H 'accept: application/json' -H 'X-API-Key: <your-write-token>'
-H 'Content-Type: application/json'
-d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "message", "operator": "LIKE", "value": ".*immudb.*"}]}]}}
- immudb:
SELECT data->'message' FROM log4j_logs WHERE data->'message' LIKE '.*immudb.*';
Summary
Securing your logs and ensuring they are tamperproof is now more accessible than ever with the immudb-log4j-appender
. By integrating this plugin into your Log4j setup, you can automatically send logs to immudb or immudb vault, protecting them from unauthorized access and ensuring their integrity. We encourage you to try out the plugin, explore its capabilities, and share your use cases or any issues you encounter with us!