-
Notifications
You must be signed in to change notification settings - Fork 50
Dynamic Log Levels
Dynamic Log Levels enable application developers to change the log level during the runtime of the application. No changes of the configuration file is required.
cf-java-logging-support supports setting a specific log level for one single request by adding a token in the request header. This feature allows to understand misbehavior of a live-system in detail for a specific request, without flooding the system with an enormous number of DEBUG level log messages emitted during the processing of all other requests. This approach has the advantage that no unnecessary log messages need to be processed that might lead to quota exceedance. To avoid abuse of this feature, the dynamic log level has to be provided within an RSA-signed JWT token that also contains an expiry date.
There is a simple extension point to enable custom implementation of different approaches to dynamic log levels. This feature is described at the end of this article.
This feature is easy to use and requires only little extra configuration of the application. It is available with version 2.1.1 of the cf-java-logging-support or higher. Depending on the logging framework in use, few additions have to be made to the logback.xml or the log4j2.xml file as described below. Regardless of the framework, the public RSA key required to verify the JWT token's signature must be provided in the application's environment variables. Furthermore an individually chosen name for the HTTPS header field can also be specified here.
-
DYN_LOG_HEADER: a specific header name for the log level token can be defined here. If not specified, the default value (SAP-LOG-LEVEL) is used. -
DYN_LOG_LEVEL_KEY: a public key which can be used to verify the JWT tokens that contain the dynamic log level.
In the logback.xml file, a turbofilter has to be defined by adding the following line to the configuration element:
<turboFilter class="com.sap.hcp.cf.logback.filter.CustomLoggingTurboFilter" />In the log4j2.xml file, add the following to the configuration element:
<DynamicThresholdFilter key="dynamic_log_level"
defaultThreshold="ERROR" onMatch="ACCEPT" onMismatch="DENY">
<KeyValuePair key="TRACE" value="TRACE" />
<KeyValuePair key="DEBUG" value="DEBUG" />
<KeyValuePair key="INFO" value="INFO" />
<KeyValuePair key="WARN" value="WARN" />
<KeyValuePair key="ERROR" value="ERROR" />
</DynamicThresholdFilter>A valid JWT token should be signed with RS256. Its payload should contain the email of the issuer, the desired log-level, a timestamp for the time at which the token has been generated and a timestamp that represents the expiry date. The Java class TokenCreator can be used to create valid tokens.
{
"alg": "RS256",
"typ": "JWT"
}{
"issuer": "<valid e-mail address>",
"level": "TRACE",
"iat": 1506016127,
"exp": 1506188927
}Dynamic Log Levels are managed by the MDC field "dynamic-log-level". The value of this field is checked by the configured filters of the above configuration. If present, any log messages with a level equal or above this value is emitted regardless of the logger.
To provide an alternative approach to dynamic log levels, all you have to do is to put the current log level in the MDC field "dynamic-log-level". The configuration from above will ensure, that this log level is then applied to all log messages.