[Esapi-user] Log4j logging in the 1.4 branch

Jim Manico jim.manico at owasp.org
Wed Feb 3 20:24:24 EST 2010

By default, ESAPI 1.4.4 uses the native Java logging classes.

If you would like to change this to use log4j , simply switch the 
following ESAPI parameter to true!


This property was missing from the ESAPI.properties file in the recent 
1.4.4 release, but the functionality is still there.

I just committed a new version of ESAPI.properties on the 1.4 branch 
that includes " LogDefaultLog4J=false" in the logging section. This will 
not change default behavior, but it will make it easier for implementers 
to make the switch to log4j in the 1.4.5+ release and beyond.

And of course, you need to deploy your own log4j configuration files - 
ESAPI does not include those in the release zip.


Jim Manico
OWASP Podcast Host/Producer
OWASP ESAPI Project Manager

More information about the Esapi-user mailing list