You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@logging.apache.org by "Ralph Goers (Jira)" <ji...@apache.org> on 2021/01/05 15:39:00 UTC

[jira] [Commented] (LOG4J2-2988) SocketAppender is not able to reload key and certs

    [ https://issues.apache.org/jira/browse/LOG4J2-2988?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17259007#comment-17259007 ] 

Ralph Goers commented on LOG4J2-2988:
-------------------------------------

Your analysis is correct. Frankly, what you are doing isn't something that was ever considered. Although your request is reasonable I am not sure when any of us will get to this. Patches are welcome.

> SocketAppender is not able to reload key and certs
> --------------------------------------------------
>
>                 Key: LOG4J2-2988
>                 URL: https://issues.apache.org/jira/browse/LOG4J2-2988
>             Project: Log4j 2
>          Issue Type: Bug
>          Components: Appenders
>    Affects Versions: 2.13.3
>         Environment: java version, 11.0.9+11
> Log4j2 2.13.3
>            Reporter: Yi
>            Priority: Major
>
> Hi,
> We try to use log4j2 with SocketAppender and SSL configuration to stream our logs to a dedicated server side. We use mTLS to establish a TLS connection between the Log4j2 and the log server. In other words, there are client key pair and certificate. In our environment, our client certificate is short lived and the client key and certificate are automatically renewed periodically.´And the client credentials are provided within a jks file.
> However, we discovered a problem is that Log4j2 is not able to reload the key and certificate once they are renewed, either with an updating on the current jks file, or switching to another jks file.
> We have tried to set monitor-interval in Configuration part, periodically modify the log4j2 configuration file(e.g., update keystore file path, update appender name etc.), and even invoke reconfiguration in our code but unfortunately the key and certificate are not reloaded correctly.
> We understand Log4j2 SslSocketManager and its parent TcpSocketManager basically keeps a long-lived connection with the server and does not start a new connection if the current one works fine. We observe the problem that once the server tears down the connection, Log4j2 is not able to restablish a connection due to the out-dated client certificate.
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)