THIS IS A TEST INSTANCE. ALL YOUR CHANGES WILL BE LOST!!!!
Status
Current state: Accepted
Discussion thread: thread
JIRA: KAFKA-9366
Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).
Motivation
In May 2012, the log4j dev team released log4j 1.2.17 and stopped their support to 1.x releases. And from then on, Apache Kafka is still using it in its core and the other subprojects.
The problem caused by the obsolete log4j version is not limited to security problems like CVE-2019-17571. Most users are now familiar with log4j2 configurations, not log4j. But when they want to customize the logging configuration of Apache Kafka, Kafka Connect, and Kafka Streams application, they have to work with outdated, dismissed old configuration format.
Public Interfaces
This KIP proposes the following:
- Replace log4j 1.x dependency into 2.x, with converting all 1.x API calls with 2.x equivalents.
- Provide a way to use log4j2 configuration, with backward compatibility to log4j.
Proposed Changes
1. Core
For backward compatibility, Kafka broker will use the log4j configuration file by default. But for informational purpose, the following message will be shown in default mode:
DEPRECATED: using log4j 1.x configuration. To use log4j 2.x configuration, run with: 'export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile=file:$base_dir/../config/log4j2.properties"'
As the message above states, the user can run Kafka broker with log4j2 config file by setting `export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile={log4j2-config-file-path}"`. Thanks to log4j12-api, a compatibility bridge between log4j and log4j2, Kafka broker can be run without any changes. Since a log4j2 equivalent for traditional built-in log4j config (log4j2.properties) will be provided, the user can make use of it if they want.
The test logging configuration (src/test/resources/log4j.properties) will be updated into log4j2. In this case, we don't care about the backward-compatibility.
2. Client
The test logging configuration (src/test/resources/log4j.properties) will be updated into log4j2.
3. Connect
Like core, connect will use the log4j configuration file by default. it will show the following message also if it is in default mode:
DEPRECATED: using log4j 1.x configuration. To use log4j 2.x configuration, run with: 'export KAFKA_LOG4J_OPTS=\"-Dlog4j.configurationFile=file:$base_dir/../config/connect-log4j2.properties\"'
A log4j2 equivalent for traditional log4j config (connect-log4j2.properties) will be also provided, like other subprojects.
The test logging configuration (src/test/resources/log4j.properties) will be updated into log4j2, also.
4. Streams
Archetype log4j configuration will be updated into log4j2 equivalent (log4j2.properties).
5. Log4j-appender
Log4j-appender is the only module that does not affected by this update, since it provides a log4j 1.x appender.
Its log4j2 counterpart should be provided in near future. However, it is above the scope of this KIP.
6. Tools
Like core and connect, it will run with log4j configuration by default, but the users can use it by setting `export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile={log4j2-config-file-path}"`. A log4j2 equivalent for traditional log4j config (tools-log4j2.properties) will also be provided.
7. ETC
All template properties for test scripts (see tests/ directory) will be updated into log4j2 equivalent.
Compatibility, Deprecation, and Migration Plan
1. Core
At some time or other,the default logging configuration format will be switched into log4j2. However, without removing log4j12-api it can also support log4j configuration format. In that point, The informational message will be also changed into:
Using log4j 2.x configuration. To use log4j 1.x configuration, run with: 'export KAFKA_LOG4J_OPTS="-Dlog4j.configuration=file:$base_dir/../config/log4j.properties"'
2. Client
None.
3. Connect
Same to core.
4. Strams
None.
5. Log4j-appender
This subproject will be remained for backward-compatibility, when the default logging format is changed into log4j2. Instead, its log4j2 counterpart, log4j2-appender, will be provided at that moment.
6. Tools
Same as core and connect.
7. ETC
None.
Rejected Alternatives
None.