You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@logging.apache.org by "Yi Gong (Jira)" <ji...@apache.org> on 2021/01/05 09:50:00 UTC
[jira] [Created] (LOG4J2-2988) SocketAppender is not able to reload
key and certs
Yi Gong created LOG4J2-2988:
-------------------------------
Summary: SocketAppender is not able to reload key and certs
Key: LOG4J2-2988
URL: https://issues.apache.org/jira/browse/LOG4J2-2988
Project: Log4j 2
Issue Type: Bug
Components: Appenders
Affects Versions: 2.13.3
Environment: java version, 11.0.9+11
Log4j2 2.13.3
Reporter: Yi Gong
Hi,
We try to use log4j2 with SocketAppender and SSL configuration to stream our logs to a dedicated server side. We use mTLS to establish a TLS connection between the Log4j2 and the log server. In other words, there are client key pair and certificate. In our environment, our client certificate is short lived and the client key and certificate are automatically renewed periodically.´And the client credentials are provided within a jks file.
However, we discovered a problem is that Log4j2 is not able to reload the key and certificate once they are renewed, either with an updating on the current jks file, or switching to another jks file.
We have tried to set monitor-interval in Configuration part, periodically modify the log4j2 configuration file(e.g., update keystore file path, update appender name etc.), and even invoke reconfiguration in our code but unfortunately the key and certificate are not reloaded correctly.
We understand Log4j2 SslSocketManager and its parent TcpSocketManager basically keeps a long-lived connection with the server and does not start a new connection if the current one works fine. We observe the problem that once the server tears down the connection, Log4j2 is not able to restablish a connection due to the out-dated client certificate.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)