augustd edited this page Dec 16, 2014 · 1 revision

Markers are a feature of the SLF4J API that allows developers to enrich log statements with customizable attributes. The OWASP Security Logging API provides a standard set of markers to tag log statements with security-related events. Markers can be used for automatic filtering and masking of log statements at output time.

The SecurityMarkers class provides the following security-related markers:

  • SECURITY_SUCCESS - Used to indicate that a security check was successful (e.g. a successful login)
  • SECURITY_FAILURE - Used to indicate that a security check failed (e.g. user access denied)
  • SECURITY_AUDIT - Used to record security events for audit (e.g. account accesses, new user registration, etc.)

In addition, the following information classification labels are provided:

  • RESTRICTED
  • CONFIDENTIAL
  • SECRET
  • TOP_SECRET

For completeness, the API includes the following non-security markers, though in practice many developers will probably not tag non-security events:

  • EVENT_SUCCESS - A non-security event that succeeded
  • EVENT_FAILURE - A non-security event that failed

Markers are added to log statements by providing them as additional parameters to the standard log methods:

// a normal log statement
log.debug("some normal event");
// a security event
log.info(SecurityMarkers.SECURITY_AUDIT, "user {} logged out", username);

You can also add multiple markers:

Marker multi = SecurityMarkers.getMarker(SecurityMarkers.SECURITY_SUCCESS, SecurityMarkers.CONFIDENTIAL);
log.info(multi, "Transfer {} from {} to {}", amount, fromAccount, toAccount);
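
To show what filtering and masking on markers at output time involves, the following added example (not code from the OWASP Security Logging project) inspects a combined marker using only the SLF4J `Marker` API. The class `MarkerInspection`, its methods and the `MULTI` marker name are hypothetical, and the markers are local stand-ins that reuse the names listed above; how the library itself builds combined markers or masks output is not shown on this page.

```java
import org.slf4j.Marker;
import org.slf4j.MarkerFactory;
import java.util.Arrays;

// Added example: output-time decisions driven by SLF4J markers.
public class MarkerInspection {
    // Marker names taken from the lists on this page (local stand-ins).
    static final String[] SECURITY = {"SECURITY_SUCCESS", "SECURITY_FAILURE", "SECURITY_AUDIT"};
    static final String[] CLASSIFIED = {"RESTRICTED", "CONFIDENTIAL", "SECRET", "TOP_SECRET"};

    // Combine markers under a detached parent so the shared,
    // factory-cached markers are never mutated.
    static Marker combine(String... names) {
        Marker parent = MarkerFactory.getDetachedMarker("MULTI"); // hypothetical name
        for (String name : names) {
            parent.add(MarkerFactory.getMarker(name));
        }
        return parent;
    }

    // True if the marker, or any marker it references, has one of the names.
    // A log statement without a marker carries null, so handle that first.
    static boolean hasAny(Marker marker, String[] names) {
        if (marker == null) return false;
        for (String name : names) {
            if (marker.contains(name)) return true;
        }
        return false;
    }

    // Masking decision: replace every argument of a classified statement.
    static Object[] maskIfClassified(Marker marker, Object... args) {
        if (!hasAny(marker, CLASSIFIED)) return args;
        Object[] masked = new Object[args.length];
        Arrays.fill(masked, "********");
        return masked;
    }

    public static void main(String[] argv) {
        Marker multi = combine("SECURITY_SUCCESS", "CONFIDENTIAL");
        Marker audit = MarkerFactory.getMarker("SECURITY_AUDIT");
        Object[] values = {"100.00", "ACC-0001", "ACC-0002"}; // constructed sample values
        System.out.println("multi is security event: " + hasAny(multi, SECURITY));
        System.out.println("unmarked is security event: " + hasAny(null, SECURITY));
        System.out.println("multi args: " + Arrays.toString(maskIfClassified(multi, values)));
        System.out.println("audit args: " + Arrays.toString(maskIfClassified(audit, values)));
    }
}
```

Because `contains` also searches referenced markers, a statement tagged with a combined marker is matched by both the security filter and the classification check.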