Logging in Janusgraph 0.6.3


Mladen Marović
 

Hello,

yesterday I tried to upgrade some Janusgraph instances from 0.5.3 to 0.6.2 first and then to 0.6.3. The 0.6.2 upgrade was successful, but after upgrading to 0.6.3, I noticed that the default SLF4J binding changed between these two versions. This is shown in the following log excerpts:

  • 0.6.2:

    SLF4J: Class path contains multiple SLF4J bindings.
    SLF4J: Found binding in [jar:file:/home/m3p/janusgraph/janusgraph-0.6.2/lib/slf4j-log4j12-1.7.30.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: Found binding in [jar:file:/home/m3p/janusgraph/janusgraph-0.6.2/lib/logback-classic-1.1.3.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
    SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
    
  • 0.6.3:

    SLF4J: Class path contains multiple SLF4J bindings.
    SLF4J: Found binding in [jar:file:/home/m3p/janusgraph/janusgraph-0.6.3/lib/logback-classic-1.2.11.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: Found binding in [jar:file:/home/m3p/janusgraph/janusgraph-0.6.3/lib/slf4j-reload4j-1.7.36.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
    SLF4J: Actual binding is of type [ch.qos.logback.classic.util.ContextSelectorStaticBinder]
    

As a result, logback was used instead of log4j and by default the log level was set to DEBUG and redirected to STDOUT.

From what I've seen in janusgraph-server.sh, it builds the classpath by adding the slf4j-log4j12 binding first to ensure that SLF4J uses log4j by default:

if [[ -z "$CP" ]];then
  # Initialize classpath to $JANUSGRAPH_CFG
  CP="${JANUSGRAPH_CONF}"
  # Add the slf4j-log4j12 binding
  CP="$CP":$(find -L $JANUSGRAPH_LIB -name 'slf4j-log4j12*.jar' | sort | tr '\n' ':')

However, in Janusgraph 0.6.3 there is no slf4j-log4j12 jar (replaced by reload4j) so this snippet above does not work and SLF4J resolves to logback. If I modify janusgraph-server.sh by adding the following:

  CP="$CP":$(find -L $JANUSGRAPH_LIB -name 'slf4j-reload4j*.jar' | sort | tr '\n' ':')

everything works again. Alternatively, I could delete the logback-classic jar, but I don't think that's an elegant solution.

Is this a bug or an intended change? I haven't seen any additional upgrade instructions for 0.6.3 commenting on this.

Best regards,

Mladen Marović
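
Added example (not part of the original post and not code from janusgraph-server.sh): a pre-start check in shell that lists the SLF4J binding jars present in a lib directory and picks the one to place first on the classpath, accepting either slf4j-log4j12 or slf4j-reload4j as in the workaround above. The function names and the constructed sample directory are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example: detect which SLF4J 1.x binding jars a lib directory ships
# and which one should lead the classpath. The three jar name patterns are
# the ones visible in the log excerpts of this thread.

# Print every SLF4J binding jar directly under $1, one per line, sorted.
slf4j_bindings() {
  find -L "$1" -maxdepth 1 -type f \
    \( -name 'slf4j-log4j12*.jar' -o -name 'slf4j-reload4j*.jar' \
       -o -name 'logback-classic*.jar' \) | sort
}

# Print the log4j-style binding to put first: slf4j-log4j12 if present,
# otherwise slf4j-reload4j. Returns 1 when neither exists.
preferred_binding() {
  local lib="$1" pat jar
  for pat in 'slf4j-log4j12*.jar' 'slf4j-reload4j*.jar'; do
    jar=$(find -L "$lib" -maxdepth 1 -type f -name "$pat" | sort | head -n 1)
    if [ -n "$jar" ]; then printf '%s\n' "$jar"; return 0; fi
  done
  return 1
}

# Build the classpath prefix (conf dir, then the preferred binding).
# Warns and returns 1 when only some other binding would be picked up.
build_cp_prefix() {
  local conf="$1" lib="$2" jar
  if jar=$(preferred_binding "$lib"); then
    printf '%s:%s\n' "$conf" "$jar"
  else
    echo "WARN: no log4j-style SLF4J binding in $lib" >&2
    printf '%s\n' "$conf"
    return 1
  fi
}

# Constructed sample: empty files named like the 0.6.3 lib jars in the logs.
demo_lib() {
  local d
  d=$(mktemp -d)
  touch "$d/logback-classic-1.2.11.jar" "$d/slf4j-reload4j-1.7.36.jar" "$d/other.jar"
  printf '%s\n' "$d"
}
```

Running `slf4j_bindings` against the real lib directory before and after an upgrade shows when the set of bindings has changed, which is the condition that silently switched the logging backend here.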


hadoopmarc@...
 

Hi Mladen,

I guess this behaviour was introduced in https://github.com/JanusGraph/janusgraph/pull/3217.

Note that there are many vulnerability issues with log4j: https://mvnrepository.com/artifact/log4j/log4j
This makes it unlikely that your suggestion would make it into a possible 0.6.4.

The current 1.0.0.rc2 uses log4j2 and it is not shipped with slf4j-reload4j, but the janusgraph-server.sh script starts with log4j by default, anyway.
The specific line you found is still present, though, which is weird.  So you can provide it as feedback on 1.0.0.rc2, see https://lists.lfaidata.foundation/g/janusgraph-users/topic/announce_janusgraph_1_0_0/97263880

Best wishes,  Marc


Florian Hockmann
 

Hi,

 

I just looked into this and want to keep everyone in the loop here who might not be following our GitHub issues where I also just described my findings:

 

https://github.com/JanusGraph/janusgraph/issues/3681#issuecomment-1523617456

 

---

It looks to me like the issue was introduced by an update of Slf4j in #2967 which included a commit with the message: relocate slf4j-log4j12 as slf4j-reload4j. That's probably why Log4j isn't present anymore in the lib directory which resulted in Slf4j using Logback by default. This switch wasn't intended as it was basically a breaking change since existing Log4j config files weren't used any more. Switching to Reload4j seems like the best option to me here as it reverts this breaking change and still avoids the security issues of Log4j.

---

 

I created a PR to switch the default logging library to Reload4j just like Mladen suggested: https://github.com/JanusGraph/janusgraph/pull/3745

 

The PR of course needs to be reviewed, but I think that we can fix this with the upcoming 0.6.4 release.

 

Regards,

Florian

 

 

From: janusgraph-users@... <janusgraph-users@...> On behalf of hadoopmarc@...
Sent: Saturday, 4 March 2023 13:47
To: janusgraph-users@...
Subject: Re: [janusgraph-users] Logging in Janusgraph 0.6.3

 
