Masking not working..

[mmichalowicz]

I used the log4j2.xml and test Java code for a simple CONFIDENTIAL log from the src/test/resources and src/test/java/...MaskingRewritePolicyTest.java. Only thing that looks out of place:

2017-11-28 23:18:20,692 main WARN Log4j does not support detached Markers. Returned Marker [CONFIDENTIAL] will be unchanged.

log4j-api: 2.10.0
log4j-core: 2.10.0
log4j-slf4j-impl: 2.10.0
security-logging-log4j: 1.1.3
security-logging: 1.1.3

Smells like a versioning issue. I'd love to be able to recommend my employer use this logger and masking would be nice. I don't see any documentation on "packages" in the but I added the package of the MaskingRewritePolicy.java... I'm certain I am using parameters.

[augustd]

This is a normal warning, see: https://stackoverflow.com/questions/22745221/slf4j-what-is-a-dangling-or-detached-marker

The masking is unaffected. For example, in the test the following line prints out with the SSN masked as it should:

09:47:50.789 CONFIDENTIAL [main] INFO org.owasp.security.logging.log4j.mask.MaskingRewritePolicyTest - ssn=********