Status

Current state: Under Discussion

Discussion thread: thread

JIRA: KAFKA-9366

Please keep the discussion on the mailing list rather than commenting on the wiki (wiki discussions get unwieldy fast).

Motivation

In May 2012, the log4j dev team released log4j 1.2.17 and stopped their support to 1.x releases. And from then on, Apache Kafka is still using it in its core and the other submodules. Since this release has not only several critical security problems like CVE-2019-17571 but also an obsolete interface, it should be replaced into log4j2.

Public Interfaces

This KIP proposes the following:

1. Replace log4j 1.x dependency into 2.x, with converting all 1.x API calls with 2.x equivalents.
2. Provide a way to use log4j2 configuration, with backward compatibility to log4j.

Proposed Changes

1. Core

For backward compatibility, Kafka broker will use the log4j configuration file by default.

If the user wants to run Kafka broker with lgo4j2 config file, they can do it by setting `export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile={log4j2-config-file-path}"`. A log4j2 equivalent for traditional log4j config (log4j2.properties) will be provided.

2. Client

Use log4j2 configuration.

3. Connect

Like core, connect will use the log4j configuration file by default. A log4j2 equivalent for traditional log4j config (connect-log4j2.properties) will be also provided. The users can use it by setting `export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile={log4j2-config-file-path}"`.

Add to this, the changes between log4j and log4j2 introduces the following changes:

• From log4j2, the name of the root logger becomes empty string from 'root'. It impacts Kafka connect's dynamic logging control feature. (And should be documented.)
• From log4j2, the logging level can't be null; GET `/admin/loggers` has been returning loggers with a non-null level (i.e., includes loggers with OFF level) but from log4j2, it returns the loggers with non-OFF levels only.
  
• If the user sets the root logger with PUT `/admin/loggers/{logger}`, all descendant loggers without the null level were affected. From log4j2, they will be affected since null level is regared as OFF level.

4. Streams

Archetype log4j configuration will be updated into log4j2 equivalent (log4j2.properties).

5. Log4j-appender

Log4j-appender is the only module that does not affected by this update, since it provides a log4j 1.x appender.

Its log4j2 counterpart should be provided in near future. However, it is above the scope of this KIP.

6. Tools

Like core and connect, it will run with log4j configuration by default, but the users can use it by setting `export KAFKA_LOG4J_OPTS="-Dlog4j.configurationFile={log4j2-config-file-path}"`. A log4j2 equivalent for traditional log4j config (tools-log4j2.properties) will also be provided.

7. ETC

All template properties for test scripts (see tests/ directory) will be updated into log4j2 equivalent.

Compatibility, Deprecation, and Migration Plan

1. Core

Thanks to log4j12-api, a compatibility bridge between log4j and log4j2, Kafka broker can be run without any changes; However, if the user runs `bin/kafka-server-start.sh ` or `bin/zookeeper-server-start.sh ` with log4j configuration it will show a deprecation message.

2. Client

None.

3. Connect

Like core, if the user runs 'connect-standalone.sh' or 'bin/connect-distributed.sh' with log4j configuration it will show a deprecation message.

4. Strams

None.

5. Log4j-appender

None.

6. Tools

Same as core and connect; Running 'bin/connect-mirror-maker.sh' with log4j configuration will show a deprecation message.

7. ETC

None.

Rejected Alternatives

None.