[log4j2 log framework] sensitive character filtering

0、 background

zookeeper The logging framework used by the server was replaced by log4j2,zk Of sessionid It is also evaluated as sensitive information by the big man in charge of security , Can't print directly , So we should think of a quick solution without modifying the source code sessionid Print the method of shielding .

1、log4j2 Of replace function

Many logging frameworks have the function of filtering and replacing ,log4j2 No exception , Support regular substitution .
First look at zk Of sessionid Generation method

sessionid High order for service id, In the middle is the timestamp , The low order is an increasing sequence , The maximum value is Long The maximum of .

log4j2.properties Of pattern Add regular expression in

appender.rolling.layout.pattern = %d %p %c{
    1.} [%t] %replace{
    %msg}{
    0x[a-f0-9]{
    15,}|0x0}{
    0x*} -%replace{
    %ex}{
    0x[a-f0-9]{
    15,}|0x0}{
    0x*}%n
appender.rolling.layout.alwaysWriteExceptions=false

It's not just replace 了 msg, also replace 了 ex, because log4j2 Exceptions in are distinguished separately , Both the normal log and the exception log may appear sessionid, So at the same time msg and ex To configure replace.appender.rolling.layout.alwaysWriteExceptions On by default , Since it's already in pattern Configuration of the ex It's going to close alwaysWriteExceptions.
Finally, it perfectly replaces all sessionid by 0x*