CoreMedia Elastic Social controls and processes personal data. Thus it is important to deal carefully with data logged by applications having Elastic Social enabled. In general it is advisable to turn off any debug logging and below as debug logging events might contain further personal data.

SLF4j Logging Markers

Logging events containing personal data or which might contain personal data are marked with so called SLF4j Logging Markers. There are two markers in BaseMarker dedicated to mark personal data logging events:

Logback Marker Filters

The SLF4j Logging Markers can be used to configure Logback, so that logging events containing personal data can either be ignored or redirected to dedicated files which for example are better secured. To do so, configure Logback Filters.

<appender
    name="personalData"
    class="ch.qos.logback.core.rolling.RollingFileAppender"
    additivity="false">
  <filter
      class="ch.qos.logback.core.filter.EvaluatorFilter">
    <evaluator
        class="ch.qos.logback.classic.boolex.OnMarkerEvaluator">
      <marker>personalData</marker>
    </evaluator>
    <OnMismatch>DENY</OnMismatch>
    <OnMatch>ACCEPT</OnMatch>
  </filter>
  <file>personalData.log</file>
  [...]
</appender>

    

Example 3.1, “Logback Filtering using OnMarkerEvaluator” shows an example which will redirect any personal data logging events to an extra file and remove it from other files. This includes events which contain personal data and those which might contain personal data (unclassified).

<appender
    name="personalData"
    class="ch.qos.logback.core.rolling.RollingFileAppender"
    additivity="false">
  <filter
      class="ch.qos.logback.core.filter.EvaluatorFilter">
    <evaluator>
      <expression><![CDATA[
        return event.getMarker() != null
          && event.getMarker().contains("personalData")
          && !event.getMarker().contains("unclassifiedPersonalData")
        ;
        ]]></expression>
    </evaluator>
    <OnMismatch>DENY</OnMismatch>
    <OnMatch>ACCEPT</OnMatch>
  </filter>
  <file>personalData.log</file>
  [...]
</appender>

    

The Logback default evaluator provides more sophisticated control right within the logging configuration without providing a custom evaluator. Example 3.2, “Logback Filtering using JaninoEventEvaluator (default evaluator)” shows an example how to only filter those events which really contain personal data and ignore those which might contain false positives.

Identifying Elastic Social Applications

In order to adjust the logging configuration for Elastic Social it is important to know which applications have Elastic Social enabled. To identify these applications you can search for transitive dependencies on any of the Elastic Social modules with Maven groupId com.coremedia.elastic.social. Example 3.3, “Elastic Social Applications Search” shows how you might find such usages based on GNU Grep and xargs.

$ grep --recursive --files-with-matches --ignore-case \
    --include "pom.xml" "<packaging>war</packaging>" | \
    xargs --replace \
        mvn --file {} dependency:tree \
            -Dincludes="com.coremedia.elastic.social*::jar"
            -DoutputFile=$TMP/elastic-social-applications.txt \
            -DappendOutput=true

    

In default CoreMedia Blueprint the following applications use Elastic Social:

For details on application logging configuration see: