DEV Community

Franz Wong
Franz Wong

Posted on

Lots of debug log is written after commons-logging is upgraded to 1.3.0

Background

The default log level of our applications is DEBUG because we aim to separate informative logs from diagnostic logs.

Recently, we received a vulnerability warning from commons-configuration2, prompting us to update the version. After the update, the application runs fine; however, the size of our log has grown from hundreds of kilobytes to a few gigabytes.

Investigation

The update of commons-configuration2 also upgraded commons-logging to version 1.3.0, which includes log4j-jcl. Previously, log4j-jcl was a standalone dependency. Now, all dependencies in our application (mainly commons-beanutils) are capable of writing logs through log4j loggers.

Solution

We modified log4j2.xml to suppress the excessive logging by package. In the long term, we may need to introduce a custom log level between INFO and DEBUG as our default log level; and have a fine grained logging configuration.

Billboard image

The Next Generation Developer Platform

Coherence is the first Platform-as-a-Service you can control. Unlike "black-box" platforms that are opinionated about the infra you can deploy, Coherence is powered by CNC, the open-source IaC framework, which offers limitless customization.

Learn more

Top comments (0)

A Workflow Copilot. Tailored to You.

Pieces.app image

Our desktop app, with its intelligent copilot, streamlines coding by generating snippets, extracting code from screenshots, and accelerating problem-solving.

Read the docs

👋 Kindness is contagious

Please leave a ❤️ or a friendly comment on this post if you found it helpful!

Okay