The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning. Learn more →
Top 18 Log4j2 Open-Source Projects
-
Apache Log4j 2
Apache Log4j 2 is a versatile, feature-rich, efficient logging API and backend for Java.
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
log4j-finder
Find vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
blacklite
"Fast as internal ring buffer" Logback/Log4J2 appender using SQLite with zstandard dictionary compression and rollover.
-
Log4JShell-Bytecode-Detector
Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
-
Log4jPatcher
A mitigation for CVE-2021-44228 (log4shell) that works by patching the vulnerability at runtime. (Works with any vulnerable java software, tested with java 6 and newer)
-
log4shelldetect
Rapidly scan filesystems for Java programs potentially vulnerable to Log4Shell (CVE-2021-44228) or "that Log4j JNDI exploit" by inspecting the class paths inside files
-
log4jshield
Log4j Shield - fast âš¡, scalable and easy to use Log4j vulnerability CVE-2021-44228 finder and patcher
-
log4j2-rce-poc
A bare minimum proof-of-concept for Log4j2 JNDI RCE vulnerability (CVE-2021-44228/Log4Shell).
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Project mention: Hackers exploited Windows 0-day for 6 months after Microsoft knew of it | news.ycombinator.com | 2024-03-05I don't think that's a good example. While Apache devs are volunteers and Microsoft devs are employees, they were criticized for their slow response time and seeming lack of urgency until it was far too late.
https://github.com/apache/logging-log4j2/pull/608#issuecomme...
Project mention: Methods and processes for reduce bugs in production | news.ycombinator.com | 2023-08-24>As now we've introduced some peers code review, automatic testing on most critical stuff (but since the codebase sucks these aren't really reliable tests)
They may not be "reliable", but these are your safety net, or harness, so you don't fall. I wrote about similar issues, for instance here: https://news.ycombinator.com/item?id=26591067 and, given your promotion, here: https://news.ycombinator.com/item?id=37211796. It contains a few steps starting from "So...".
You can add monitoring, something like Sentry (https://sentry.io) will capture exceptions that were not handled that you have not seen because the stack trace is buried in hundreds of pages of logs or something. It groups them by exception and counts them. It's pretty awesome. (https://docs.sentry.io). It supports around 108 platforms (Java, Python, JavaScript, etc.). This lets you see the exceptions and makes prioritizing easier (which ones are the most frequent, which ones impact the most, etc.).
If you don't have them already, issue templates are really useful and the comment I linked to explains why, but here's an example of an issue template (again, you can configure them for different types of issues so team members select from a dropdown for a bug or a feature):
I had the same challenge deciding what option would be the beste and attempted to solve it with an mini library which just attempts slf4j, log4j2 and fallbacks to java itil logging. It was useful for this kind of situation, not quite sure whether it is useful for others though... see here for more https://github.com/Hakky54/yaslf4j
Log4j2 related posts
- find what log4j version windows server 2019 running
- Update latest bios legion 5 pro?
- Log4J Network Scanning/Detection on a 100k+ Node Network
- Detecting log4j on macos with Microsoft PowerShell
- Any free tool to scan for Log4Shell and Log4j vulnerabilities?
- Help using command line scanner for Logj4 vulnerabilities
- Log4jscanner by Google
-
A note from our sponsor - WorkOS
workos.com | 28 Apr 2024
Index
What are some of the best open-source Log4j2 projects? This list will help you:
Project | Stars | |
---|---|---|
1 | Apache Log4j 2 | 3,268 |
2 | sentry-java | 1,097 |
3 | CVE-2021-44228-Scanner | 854 |
4 | log4j-finder | 435 |
5 | local-log4j-vuln-scanner | 383 |
6 | LogCaptor | 339 |
7 | Log4j-RCE-Scanner | 255 |
8 | log4j-sniffer | 193 |
9 | Log4Shell-IOCs | 184 |
10 | blacklite | 61 |
11 | Log4JShell-Bytecode-Detector | 50 |
12 | Log4jPatcher | 46 |
13 | log4shelldetect | 44 |
14 | mdc4spring | 16 |
15 | log4jshield | 14 |
16 | log4j2-rce-poc | 3 |
17 | echopraxia-plusscala | 3 |
18 | yaslf4j | 1 |
Sponsored