Make the Event_Type prefix in logger optional

[RodolfoAndre]

I am in a process to improve security of an application using ESAPI library. In order to do so I am using the library with the SLF4J, but once I make it work I've noticed that there is a obligatory prefix. I have a huge infrastructure and increase all logs length with the prefix would increase our cost since we use a paid monitoring service.

I have searched through stackoverflow and here as well but could not find a solution to that, so I analyzed the source code and noticed that the prefix is mandatory.

I do not know if it is a security prefix or something that is necessary. So my suggestion and idea would be create a property in the properties file if whether should print the prefix or not.

[kwwall]

@RodolfoAndre - A viable option might be to add a new ESAPI property in the ESAPI.properties file (e.g., something like "Logger.OmitEventTypeInLogs") and have it default to 'false' and when that value is false, we just don't include that in the underlying logs. But what we will not do is to provide any new interfaces where the Logger.Event_Type parameter is optional. That's not going to happen.

If you are okay with it as a new ESAPI property along the means I've outlined, then create a new 'GitHub issue' for it as a new feature request. Just beware that unless you or someone else submits a PR for it, it likely is not going to much priority from the ESAPI development team in any future ESAPI 2.x releases as ESAPI 2.5.3.0 (soon to be released; hopefully this week) is planned to be the last release where we add any features (some LDAP encoding stuff was added) . After the ESAPI 2.5.3.0 release we plan on going into "maintenance mode only" unless someone else submits a PR or unless the change is trivial and deemed broadly useful. (We do intend to migrate unfulfilled feature requests in 2.x to ESAPI 3.x though.) The idea behind this "maintenance mode only" for future 2.x releases is so we can focus on ESAPI 3.x.