Adding audit appender to SLF4J with logback configuration

The audit appender is added to the logback.xml file to configure the creation of audit logs. The audit appender logs all events at the INFO level. Therefore, com.workbrain.security.AuditLogService must be set to the INFO level or lower for the audit logs to be created.

This is an example configuration for the audit log appender that is appropriate for an on-premises deployment. This example uses a rolling file appender to create the audit.log file in the directory specified in the -Dlog.dir Java variable.


<configuration>
    <appender name="audit" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <File>/wfm/auditlogs/audit.log</File>
        <encoder>
            <pattern>[AUDIT] %-5level %d{"yyyy-MM-dd'T'HH:mm:ssX"} [%thread], %message%n</pattern>
        </encoder>
        <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
            <maxIndex>10</maxIndex>
            <FileNamePattern>/wfm/auditlogs/audit.log.%i</FileNamePattern>
        </rollingPolicy>
        <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
            <MaxFileSize>10MB</MaxFileSize>
        </triggeringPolicy>
    </appender>
    <appender name="stdout" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>%d %-5level %c - %m%n</pattern>
        </encoder>
    </appender>
    <appender name="R" class="ch.qos.logback.core.rolling.RollingFileAppender">
        <!--See also http://logback.qos.ch/manual/appenders.html#RollingFileAppender-->
        <File>/opt/jboss/wildfly/standalone/tmp/wfm-app.log</File>
        <encoder>
            <pattern>%d %-5level %c - %m%n</pattern>
        </encoder>
        <filter class="ch.qos.logback.classic.filter.ThresholdFilter">
            <level>WARN</level>
        </filter>
        <rollingPolicy class="ch.qos.logback.core.rolling.FixedWindowRollingPolicy">
            <maxIndex>5</maxIndex>
            <FileNamePattern>/opt/jboss/wildfly/standalone/tmp/wfm-app.log.%i</FileNamePattern>
        </rollingPolicy>
        <triggeringPolicy class="ch.qos.logback.core.rolling.SizeBasedTriggeringPolicy">
            <MaxFileSize>5000KB</MaxFileSize>
        </triggeringPolicy>
    </appender>
    <logger name="com.workbrain.security.AuditLogService" level="DEBUG">
        <appender-ref ref="audit"/>
    </logger>
    <root level="ERROR">
        <appender-ref ref="stdout"/>
        <appender-ref ref="R"/>
    </root>
</configuration>

The appender configuration does not determine how long logs are retained. Separate methods must be implemented to satisfy requirements around the retention of the logs.