We have evaluated CVE-2022-22963 and CVE-2022-22965, the "Springshell" vulnerability, and have determined that ConnectALL is not vulnerable. Details are posted on this page.


Configuration for log file rotation in mule 3.6.1

Problem

Customize the log configuration settings of ConnectALL to use advanced log ratation strategies. By Default ConnectALL logs in to CAMule.log or mule-app-ConnectAll-2.xxxx.log based on the ConnectALL version you are running. The log files are typically rolled over every day, but in many cases the size of the log files grows over 1 Gig during peak loads which makes it impossible to open the log files are share with the support teams. 

Follow the below steps to configure the log ratation based on your needs. 

Log4j2 based configuration is used from Mule 3.6. So this will not work in lower version of Mule

Steps to configure the logging

  1. Stop the mule service
  2. Go to %MULE_HOME%\apps\ConnectAll-2.xxxx\classes directory
  3. Open log4j2.xml in your favorite editor
  4. Configure the logging options as given in examples below
  5. Save the configurations
  6. Restart your mule service

Make sure to change the value of app.version property in the example configurations based on your ConnectALL versions before using them.

Example configurations


log4j2 configuraion for size based rolling
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<Properties>
 <Property name="app.version">2.6-SNAPSHOT</Property>
 <Property name="filename">mule-app-ConnectAll-${app.version}</Property>
 <Property name="log.file">${env:MULE_HOME}/logs/${filename}.log</Property>
 <Property name="rolling.file">${env:MULE_HOME}/logs/${filename}-%i.log.gz</Property>
 </Properties>
 
 <Appenders>
 <!-- Appender to write the logs on Standard Output -->
 <Console name="Console" target="SYSTEM_OUT">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 </Console>
<!-- Appender to write logs in a file, and will rolled based on date and 
 size -->
 <RollingFile name="RollingFile" fileName="${log.file}"
 filePattern="${rolling.file}">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 <Policies>
 <SizeBasedTriggeringPolicy size="250MB" />
 </Policies>
 <DefaultRolloverStrategy max="5"/>
 </RollingFile>
 </Appenders>
<Loggers>
<AsyncLogger name="com.gigaspaces" level="WARN" />
 <AsyncLogger name="com.j_spaces" level="WARN" />
 <AsyncLogger name="com.sun.jini" level="WARN" />
 <AsyncLogger name="net.jini" level="WARN" />
 <AsyncLogger name="org.apache.cxf" level="WARN" />
 <AsyncLogger name="org.apache" level="WARN" />
 <AsyncLogger name="org.springframework.beans.factory" level="WARN" />
 <AsyncLogger name="org.mule" level="WARN" />
 <AsyncLogger name="com.mulesoft" level="WARN" />
 <AsyncLogger name="com.microsoft.tfs" level="ERROR" />
 <AsyncLogger name="org.apache.commons.httpclient.HttpMethodBase" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.mule.routing.CollectionSplitter" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.registry.metadata.ProviderMetadataCollector" level="ERROR" />
<Root level="INFO">
 <AppenderRef ref="RollingFile" />
 <AppenderRef ref="Console" />
 </Root>
 </Loggers>
</Configuration>

For SizeBasedTriggering policy the sizes can be set in KB, MB and GB, and also you can specify the count of log files to be rolled over in DefaultRolloverStrategy

log4j2 configuration for time based rollover
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<Properties>
 <Property name="app.version">2.6-SNAPSHOT</Property>
 <Property name="filename">mule-app-ConnectAll-${app.version}</Property>
 <Property name="log.file">${env:MULE_HOME}/logs/${filename}.log</Property>
 <Property name="rolling.file">${env:MULE_HOME}/logs/$${date:yyyy-MM}/${filename}-%d{MM-dd-yyyy}-%i.log.gz</Property>
 </Properties>
 
 <Appenders>
 <!-- Appender to write the logs on Standard Output -->
 <Console name="Console" target="SYSTEM_OUT">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 </Console>
<!-- Appender to write logs in a file, and will rolled based on date and 
 size -->
 <RollingFile name="RollingFile" fileName="${log.file}"
 filePattern="${rolling.file}">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 <Policies>
 <TimeBasedTriggeringPolicy />
 </Policies>
 </RollingFile>
 </Appenders>
<Loggers>
<AsyncLogger name="com.gigaspaces" level="WARN" />
 <AsyncLogger name="com.j_spaces" level="WARN" />
 <AsyncLogger name="com.sun.jini" level="WARN" />
 <AsyncLogger name="net.jini" level="WARN" />
 <AsyncLogger name="org.apache.cxf" level="WARN" />
 <AsyncLogger name="org.apache" level="WARN" />
 <AsyncLogger name="org.springframework.beans.factory" level="WARN" />
 <AsyncLogger name="org.mule" level="WARN" />
 <AsyncLogger name="com.mulesoft" level="WARN" />
 <AsyncLogger name="com.microsoft.tfs" level="ERROR" />
 <AsyncLogger name="org.apache.commons.httpclient.HttpMethodBase" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.mule.routing.CollectionSplitter" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.registry.metadata.ProviderMetadataCollector" level="ERROR" />
<Root level="INFO">

 <AppenderRef ref="RollingFile" />
 <AppenderRef ref="Console" />
 </Root>
 </Loggers>
</Configuration>

In the sample for TimeBasedTriggering policy we rollover based on dates, and also zip the files for archiving

log4j2 configuration for time and size based rollover
<?xml version="1.0" encoding="UTF-8"?>
<Configuration>
<Properties>
 <Property name="app.version">2.6-SNAPSHOT</Property>
 <Property name="filename">mule-app-ConnectAll-${app.version}</Property>
 <Property name="log.file">${env:MULE_HOME}/logs/${filename}.log</Property>
 <Property name="rolling.file">${env:MULE_HOME}/logs/$${date:yyyy-MM}/${filename}-%d{MM-dd-yyyy}-%i.log.gz</Property>
 </Properties>
 
 <Appenders>
 <!-- Appender to write the logs on Standard Output -->
 <Console name="Console" target="SYSTEM_OUT">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 </Console>
<!-- Appender to write logs in a file, and will rolled based on date and 
 size -->
 <RollingFile name="RollingFile" fileName="${log.file}"
 filePattern="${rolling.file}">
 <PatternLayout pattern="%-5p %d [%t] %c: %m%n" />
 <Policies>
 <TimeBasedTriggeringPolicy />
 <SizeBasedTriggeringPolicy size="250MB" />
 </Policies>
 <DefaultRolloverStrategy max="5"/>
 </RollingFile>
 </Appenders>
<Loggers>
<AsyncLogger name="com.gigaspaces" level="WARN" />
 <AsyncLogger name="com.j_spaces" level="WARN" />
 <AsyncLogger name="com.sun.jini" level="WARN" />
 <AsyncLogger name="net.jini" level="WARN" />
 <AsyncLogger name="org.apache.cxf" level="WARN" />
 <AsyncLogger name="org.apache" level="WARN" />
 <AsyncLogger name="org.springframework.beans.factory" level="WARN" />
 <AsyncLogger name="org.mule" level="WARN" />
 <AsyncLogger name="com.mulesoft" level="WARN" />
 <AsyncLogger name="com.microsoft.tfs" level="ERROR" />
 <AsyncLogger name="org.apache.commons.httpclient.HttpMethodBase" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.mule.routing.CollectionSplitter" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.application.ApplicationValidator" level="ERROR" />
 <AsyncLogger name="org.apache.wink.common.internal.registry.metadata.ProviderMetadataCollector" level="ERROR" />
<Root level="INFO">

 <AppenderRef ref="RollingFile" />
 <AppenderRef ref="Console" />
 </Root>
 </Loggers>
</Configuration>