1 views collected around this technical thread.
At dawn a sharp alarm reveals a malicious C2 connection in the Linux empire, prompting a frantic hunt through hidden processes, missing logs, and a secret traffic‑analysis system that uncovers a Log4Shell JNDI exploit launched via port 36560, ultimately exposing mis‑configured ElasticSearch and prompting emergency patches.
This article details the correlation between system and business metrics, introduces three generic business‑monitoring platforms (UMP, PFinder, Taishan), defines a unified log format, provides Log4j and Java logging code, and explains alert rule configurations, visualizations, and real‑world incident case studies to improve operational reliability.
This article details the background, design, implementation, and best‑practice guidelines for business‑level monitoring, unified logging formats, log4j configurations, alert rules, and case studies of common issues faced by KA merchants in logistics operations.
This article explains why logging is essential for software maintenance, outlines the purposes, readability, performance, disk‑space and timeliness considerations, describes Log4j components and log‑level hierarchy, and provides concrete code examples for TRACE, DEBUG, INFO, WARN and ERROR logging.
This article analyzes the memory increase observed after enabling Log4j2 asynchronous logging in Java services, examines root causes such as thread‑local reuse and large char[] allocations, and presents configuration and code changes—including disabling thread‑locals and limiting message size—to prevent heap growth and improve performance.
To correctly implement Java logging, choose a compatible framework‑system pair such as SLF4J with Logback, configure Maven dependencies and a rolling Logback XML, use MDC for context, enable dynamic level changes, avoid custom wrappers, and follow a checklist for cleanup and troubleshooting.
This guide explains how to troubleshoot and fix the UnsupportedOperationException caused by missing or outdated ASM libraries when upgrading the JDK, covering removal of old Maven dependencies, adding the correct ASM version, updating Groovy and related plugins, and disabling the Log4j shutdown hook warning.
This article introduces TLog, a zero‑intrusion Java logging library that adds globally unique trace IDs, SpanId and upstream/downstream tags to microservice logs, outlines its key features, multiple integration modes, configuration examples for Log4j and async logging, and shows how to use it with Spring Boot, Spring Native and task frameworks like XXL‑JOB.
After a Java system went live, a disk usage alert exceeding 90% prompted an investigation that uncovered a third‑party jar’s debug‑level Log4j configuration writing large logs to the root directory, and the issue was resolved by excluding the offending jar via Maven, highlighting the need for careful dependency management.
This article explains why logging is essential for maintainable software, outlines best‑practice guidelines for readable, performant, and secure log output, and details Log4j components, log level hierarchy, and practical macro examples for each level.
This article explains why proper logging is essential for software maintenance, outlines the purposes of logs, describes the requirements for readable, performant, and space‑efficient log output, and details Log4j components, log‑level hierarchy, and concrete code examples for TRACE, INFO, DEBUG, WARN, and ERROR logging.
This article explains the importance of proper logging in software, outlines common logging requirements such as readability, performance, disk usage, and timeliness, and details Log4j components, log level definitions, hierarchy, recommended usage, and provides concrete macro and log‑statement examples.
The 2022 Cloud‑Native Threat Report reveals a rise in Kubernetes‑targeted attacks, persistent supply‑chain threats in container images, and active exploitation of the Log4j zero‑day, underscoring the urgent need for specialized security measures in modern cloud‑native environments.
JetBrains announced that the IntelliJ platform will discontinue Log4j and adopt java.util.logging as the standard logging framework, providing migration steps, stub implementations, and security rationale for developers to update their plugins and codebases accordingly.
JetBrains announced that the IntelliJ platform will discontinue Log4j usage, recommending java.util.logging as the standard logging framework, and provides detailed migration steps, security reasons, and version information for developers to adapt their plugins and dependencies.
The article details three Xianyu backend incidents where Full GC pauses caused latency spikes or outages, analyzes root causes ranging from survivor space shortage and mis‑tuned CMS to oversized async Log4j events and massive string‑concatenation logs, and presents remediation steps such as switching to G1GC, adjusting Log4j settings, and using parameterized logging to eliminate the pauses.
The article explains how JNDI works as a configuration and naming service in Java, shows its use with database drivers, and demonstrates how its SPI mechanism can be abused to load remote code, leading to serious security exploits such as the Log4j vulnerability.
Apache Log4j 2.17.0 has been released, addressing CVE‑2021‑45105 and fixing recursive string‑replacement vulnerabilities that could cause StackOverflowError DoS attacks, while also tightening JNDI usage and correcting several configuration and appender issues, with recommended mitigation steps for earlier versions.
Apache Log4j 2.16.0 has been released, offering updated SLF4J adapters, disabling JNDI by default to mitigate CVE‑2021‑44228, removing message lookups, and requiring Java 8+, with detailed upgrade instructions and links to download and issue trackers.
On December 10, a critical remote code execution vulnerability in Apache Log4j 2.x (≤ 2.14.1) was disclosed, allowing attackers to execute arbitrary code via JNDI injection; the article explains the flaw, affected components, detection methods, and urgent remediation measures such as disabling lookups and upgrading to safe versions.