Log4j

Apache Log4j is a Java-based logging utility originally written by Ceki Gülcü. It is part of the Apache Logging Services, a project of the Apache Software Foundation. Log4j is one of several Java logging frameworks.
Gülcü has since created SLF4J, Reload4j, and Logback which are alternatives to Log4j.
The Apache Log4j team developed Log4j 2 in response to the problems of Log4j 1.2, 1.3, java.util.logging and Logback, addressing issues which appeared in those frameworks. In addition, Log4j 2 offered a plugin architecture which makes it more extensible than its predecessor. Log4j 2 is not backwards compatible with 1.x versions, although an "adapter" is available. On August 5, 2015, the Apache Logging Services Project Management Committee announced that Log4j 1 had reached end of life and that users of Log4j 1 were advised to upgrade to Apache Log4j 2. On January 12, 2022, a forked and renamed log4j version 1.2 was released by Ceki Gülcü as Reload4j version 1.2.18.0 with the aim of fixing the most urgent issues in log4j 1.2.17 that had accumulated since its release in 2013.
On December 9, 2021, a zero-day vulnerability involving arbitrary code execution in Log4j 2 was published by the Alibaba Cloud Security Team and given the descriptor "Log4Shell". It has been characterized by Tenable as "the single biggest, most critical vulnerability of the last decade".

Apache Log4j 2

Apache Log4j 2 is the successor of Log4j 1 which was released as GA version in July 2015. The framework was rewritten from scratch and has been inspired by existing logging solutions, including Log4j 1 and java.util.logging. The main differences from Log4j 1 are:

Improved reliability. Messages are not lost while reconfiguring the framework like in Log4j 1 or Logback
Extensibility: Log4j 2 supports a plugin system to let users define and configure custom components
Simplified configuration syntax
Support for xml, json, yaml and properties configurations
Improved filters
Property lookup support for values defined in the configuration file, system properties, environment variables, the ThreadContext Map, and data present in the event
Support for multiple APIs: Log4j 2 can be used with applications using the Log4j 2, Log4j 1.2, SLF4J, Commons Logging and java.util.logging APIs.
Custom log levels
Java 8-style lambda support for "lazy logging"
Markers
Support for user-defined Message objects
"Garbage-free or low garbage" in common configurations
Improved speed
Improved support for Linux

One of the most recognized features of Log4j 2 is the performance of the "Asynchronous Loggers". Log4j 2 makes use of the LMAX Disruptor. The library reduces the need for kernel locking and increases the logging performance by a factor of 12. For example, in the same environment Log4j 2 can write more than 18,000,000 messages per second, whereas other frameworks like Logback and Log4j 1 just write < 2,000,000 messages per second.

Features

Log4j log levels

The following table defines the built-in log levels and messages in Log4j, in decreasing order of severity. The left column lists the log level designation in Log4j and the right column provides a brief description of each log level.

Level	Description
OFF	The highest possible rank and is intended to turn off logging.
FATAL	Severe errors that cause premature termination. Expect these to be immediately visible on a status console.
ERROR	Other runtime errors or unexpected conditions. Expect these to be immediately visible on a status console.
WARN	Use of deprecated APIs, poor use of API, 'almost' errors, other runtime situations that are undesirable or unexpected, but not necessarily "wrong". Expect these to be immediately visible on a status console.
INFO	Interesting runtime events. Expect these to be immediately visible on a console, so be conservative and keep to a minimum.
DEBUG	Detailed information on the flow through the system. Expect these to be written to logs only. Generally speaking, most lines logged by your application should be written as DEBUG.
TRACE	Most detailed information. Expect these to be written to logs only. Since version 1.2.12.

Custom log levels

Log4j 2 allows users to define their own log levels. A source code generator tool is provided to create Loggers that support custom log levels identically to the built-in log levels. Custom log levels can either complement or replace the built-in log levels.

Log4j configuration

Log4j can be configured through a configuration file or through Java code. Configuration files can be written in XML, JSON, YAML, or properties file format. Three main components can be defined: Loggers, Appenders, and Layouts. Configuring logging via a file has the advantage that logging can be turned on or off without modifying the application that uses Log4j. The application can be allowed to run with logging off until there's a problem, for example, and then logging can be turned back on simply by modifying the configuration file.
Loggers are named log message destinations. They are the names that are known to the Java application. Each logger is independently configurable as to what level of logging it currently logs. In early versions of Log4j, these were called category and priority, but now they're called logger and level, respectively. A Logger can send log messages to multiple Appenders.
The actual outputs are done by Appenders. There are numerous Appenders available, with descriptive names, such as FileAppender, RollingFileAppender, ConsoleAppender, SocketAppender, SyslogAppender, and SMTPAppender. Log4j 2 added Appenders that write to Apache Flume, the Java Persistence API, Apache Kafka, NoSQL databases, Memory-mapped files, Random Access files and ZeroMQ endpoints. Multiple Appenders can be attached to any Logger, so it's possible to log the same information to multiple outputs; for example to a file locally and to a socket listener on another computer.
Appenders use Layouts to format log entries. A popular way to format one-line-at-a-time log files is PatternLayout, which uses a pattern string, much like the C / C++ function printf. There are also HTMLLayout and XMLLayout formatters for use when HTML or XML formats are more convenient, respectively. Log4j 2 added Layouts for CSV, Graylog Extended Log Format, JSON, YAML and RFC-5424.
In Log4j 2, Filters can be defined on configuration elements to give more fine-grained control over which log entries should be processed by which Loggers and Appenders. In addition to filtering by log level and regular expression matching on the message string, Log4j 2 added burst filters, time filters, filtering by other log event attributes like Markers or Thread Context Map and JSR 223 script filters.
To debug a misbehaving configuration:

In Log4j 2 configurations set the status attribute to TRACE to send internal status logging output to standard out. To enable status logging before the configuration is found, use the Java VM property -Dorg.apache.logging.log4j.simplelog.StatusLogger.level=trace.
In Log4j 1, use the Java VM property -Dlog4j.debug.

To find out where a log4j2.xml configuration file was loaded from inspect getClass.getResource.
There is also an implicit "unconfigured" or "default" configuration of Log4j, that of a Log4j-instrumented Java application which lacks any Log4j configuration. This prints to stdout a warning that the program is unconfigured, and the URL to the Log4j web site where details on the warning and configuration may be found. As well as printing this warning, an unconfigured Log4j application will only print ERROR or FATAL log entries to standard out.

Example for Log4j 2

target/test.log

%d %p %c %m%n

Example for Log4j 1.2

value="%d %5p %c:%L - %m%n" />