views:

537

answers:

1

For those who are developing applications that are under PCI scope, where the guidance suggests that you should store your application logs on another tier, remoting to a syslog server elsewhere feels like a best practice.

The question becomes, what should the PatternLayout look like that best enables folks to review their logs at least daily?

A: 

Depends on how they want to do their log reviews.

I would suggest a slightly different twist. Flatten the log events to an XML format (e.g. the log4j XMLLayout) and save the resulting XML-fragments.

This can then later be post processed easily, for instance by Log Parser

http://www.microsoft.com/technet/scriptcenter/tools/logparser/default.mspx

Thorbjørn Ravn Andersen
Not sure that this helps when trying to use the syslogAppender...
jm04469
Syslog is the standard Unix method to do network logging. If you want a more native Java way to do this, most logging frameworks have the equivalent functionality in terms of a SocketAppender and a receiving program.
Thorbjørn Ravn Andersen