Logs play a big role in understanding the behavior of software systems. They offer a comprehensive record of events, errors, and operational metrics, making it easier to diagnose issues, optimize performance, and ensure the smooth functioning of applications. However, while storing logs is crucial, ensuring their security and integrity is even more important. Tamperproof logs protect against unauthorized access and modifications, preserving the authenticity and reliability of the logged data.
In this post, we'll guide you through the process of securing your logs using the immudb-log4j-appender, a plugin designed for the popular Log4j Java logging framework. This plugin enables you to automatically send logs to immudb and immudb vault, ensuring their security and tamper-resistance.
Before you can start securing your logs, ensure that your project is configured with the necessary dependencies. Once that's in place, configuring Log4j to send logs to immudb or immudb vault is straightforward. Below is a sample configuration to help you get started:
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <!-- Local console output, kept alongside the immudb appender -->
    <Console name="ConsoleAppender" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n"/>
    </Console>
    <!-- Send logs to an immudb server -->
    <ImmudbAppender
        name="ImmudbAppender"
        storage="immudb"
        host="localhost"
        port="3322"
        username="immudb"
        password="immudb"
        database="defaultdb"
        table="log4j_logs"
    />
    <!-- or, if you want to send logs to immudb vault, use this appender
         in place of the one above (appender names must be unique):
    <ImmudbAppender
        name="ImmudbAppender"
        storage="immudb-vault"
        writeToken="YOUR_IMMUDB_VAULT_WRITE_TOKEN"
    />
    -->
  </Appenders>
  <Loggers>
    <Root level="debug">
      <AppenderRef ref="ImmudbAppender"/>
      <AppenderRef ref="ConsoleAppender"/>
    </Root>
  </Loggers>
</Configuration>
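The sample above keeps the immudb username and password in the configuration file itself. The variant below is an added example, not taken from the plugin's own documentation: it reads the connection settings through Log4j's ${env:...} lookup so that no secret is committed with the file. The IMMUDB_* variable names are hypothetical, and the example assumes the appender's attributes go through Log4j's normal property substitution.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="WARN">
  <Appenders>
    <Console name="ConsoleAppender" target="SYSTEM_OUT">
      <PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss} %-5p %c{1}:%L - %m%n"/>
    </Console>
    <!-- Weak:     username="immudb" password="immudb" written in this file.
         Hardened: values are resolved from the process environment when
                   Log4j loads the configuration.
         Assumption: IMMUDB_* are hypothetical variable names. -->
    <ImmudbAppender
        name="ImmudbAppender"
        storage="immudb"
        host="${env:IMMUDB_HOST:-localhost}"
        port="${env:IMMUDB_PORT:-3322}"
        username="${env:IMMUDB_USER}"
        password="${env:IMMUDB_PASSWORD}"
        database="defaultdb"
        table="log4j_logs"
    />
    <!-- immudb vault variant, same idea for the write token:
    <ImmudbAppender
        name="ImmudbAppender"
        storage="immudb-vault"
        writeToken="${env:IMMUDB_VAULT_WRITE_TOKEN}"
    />
    -->
  </Appenders>
  <Loggers>
    <Root level="debug">
      <AppenderRef ref="ImmudbAppender"/>
      <AppenderRef ref="ConsoleAppender"/>
    </Root>
  </Loggers>
</Configuration>
```

A variable that is unset and has no :- default is left as the literal ${env:...} text, so a missing secret shows up as a failed connection rather than a silent fallback to a built-in password.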
After your logs are securely stored, you can retrieve them using either immudb vault’s HTTP API or immudb’s SQL-like query language. Below are some examples of how to fetch logs based on different criteria.
If you want to filter logs by a specific severity level, such as INFO, you can use the following commands (the curl request queries immudb vault, the SQL statement queries immudb):
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search' \
  -H 'accept: application/json' \
  -H 'X-API-Key: <your-write-token>' \
  -H 'Content-Type: application/json' \
  -d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "level", "operator": "EQ", "value": "INFO"}]}]}}'
SELECT data FROM log4j_logs WHERE data->'level' = 'INFO';
To filter logs based on a specific time period, you can query immudb or immudb vault using the following commands. Replace 1723293743 with your desired epoch timestamp.
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search' \
  -H 'accept: application/json' \
  -H 'X-API-Key: <your-write-token>' \
  -H 'Content-Type: application/json' \
  -d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "instant.epochSecond", "operator": "GT", "value": 1723293743}]}]}}'
SELECT data FROM log4j_logs WHERE data->'instant'->'epochSecond' > 1723293743;
If you need to find logs that contain a specific message or text pattern, the following queries will help. This is especially useful for tracking specific events or errors.
curl -X 'POST' 'https://vault.immudb.io/ics/api/v1/ledger/default/collection/default/documents/search' \
  -H 'accept: application/json' \
  -H 'X-API-Key: <your-write-token>' \
  -H 'Content-Type: application/json' \
  -d '{"page":1,"perPage":100, "query": {"expressions": [{"fieldComparisons": [{"field": "message", "operator": "LIKE", "value": ".*immudb.*"}]}]}}'
SELECT data->'message' FROM log4j_logs WHERE data->'message' LIKE '.*immudb.*';
Securing your logs and ensuring they are tamperproof is now more accessible than ever with the immudb-log4j-appender. By integrating this plugin into your Log4j setup, you can automatically send logs to immudb or immudb vault, protecting them from unauthorized access and ensuring their integrity. We encourage you to try out the plugin, explore its capabilities, and share your use cases or any issues you encounter with us!