Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Chaning the log file

 
Arjun Shastry
Ranch Hand
Posts: 1898
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
There is one (java)application which writes data(like Credit card number) to log file in text format.After log file size reaches 10MB, application creates new log file App.log.1,App.log.2...) We want to hide this Credit card number and customer details in log file.One(and better) way is to change the code in that application which writes this Customer data.This application is run once a week by administrator to generate report .
Unfortunately there is no owner for this application(Its been there since 2001/2002 and code does not have any comments)!!.So we don't want to touch this code.
What are alternatives to this? Operating System is Solaris. We are thinking of writing Shell Script/AWK so that this script will monitor the log file and hide the Cutomer details in log file by changing the log content.This doesn't seem fully secure though.

 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If the logging statements have side effects (the only reason anyone should be scared to touch a *log statement*), then your problems are deeper than the logging statements. Likewise, if you're unable or unwilling to recompile and redeploy the project, you have a *serious* problem if this is an application central to your business.

Fix the log statements.
 
Arjun Shastry
Ranch Hand
Posts: 1898
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks.Application is not central.Basically it generates the reports on weekly basis.But as per new policy, all customer sensative data should not be visible.This reporting application has more than 300 java classes!!. Iam waiting for source code.
 
Rob Spoor
Sheriff
Pie
Posts: 20529
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arjun Shastry wrote:Iam waiting for source code.

http://faq.javaranch.com/java/DoYourOwnHomework
http://faq.javaranch.com/java/NotACodeMill
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're waiting for what source code?
 
Arjun Shastry
Ranch Hand
Posts: 1898
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The complete source code of the application which logs the data is not yet available to us.and whatever code available is without any comments.
( I am not asking here for any code!! )
 
Paul Clapham
Sheriff
Posts: 21107
32
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Why are you waiting for the source code? It's your application, isn't it? Just get a decompiler and make your own source code.
 
Anurag Blore
Ranch Hand
Posts: 74
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Arjun,

If its a credit card/customer information and some how if you modify the original log file then the original application log will be lost. If you duplicate the log file and use awk or something from unix to change the log file then still you will have issues as you will be duplicating the customer info. Can you check what is the log level in your app where you can setup some option to print only exceptions. If not then as everyone suggested you must change the code. This must have become an issue after some type of audit or compliance I guess.
 
Arjun Shastry
Ranch Hand
Posts: 1898
1
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
"This must have become an issue after some type of audit or compliance I guess"

yes. Decompiling and checking how logging is done is better option.
 
salvin francis
Bartender
Posts: 1274
10
Eclipse IDE Google Web Toolkit Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
better read the license agreement before decompiling
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic