Coldbox and VueJS untangled

Category: Logbox

How to get a visitors real IP in cfml.

Some of our clients love it when we log a lot of security related info in their applications. So on every authentication request we want to log the user’s IP and if we are denying access to some parts of the application we want to log this as well. So we have code like this all over our application:

authLogger.warn( "User #rc.username# from #getRealIp()# tried to do something dangerous" );

So can we detect the real IP of our users with high confidence?
The short answer: you can’t trace all the bad guys and people who want to stay anonymous, but for the majory of users you can get get some more info.

Continue reading

Logbox: automated archiving of your logs

When you start using Logbox the amount of logged messages can add up quickly, leading to huge logfiles or database tables with many many logEntries. Logbox has many different appender types, and in some cases size of your logs is controlled by external systems such as lucee or for example the logrotate system in Linux. If you are logging to a file you could use a rollingFileAppender which limits the file size, and for this appender you can configure the max number of file archives.

We prefer to use a DBAppender, so I can create some nice display of the logged details in a user interface, but for limiting the size and creating some archive it seems we are out of luck. According to the docs there are no options for limiting the size or creating some archive. So how are we going to fix that?

Continue reading

Logbox: track your database changes (part 2)

In my previous post on tracking database changes I described how you can log all database changes for a quick orm system. I also mentioned you can do a similar thing for cborm systems which are based on coldfusion ORM (hibernate). I have used cborm a lot in the past, and even did some presentations on orm, but I noticed there are quite some people who don’t like or even hate the coldfusion orm, for being slow, memory consuming and hard to understand. I am not sure if this reputation is well deserved. Yes, error messages are hard to understand, but so are the errors in quick (if you are not the author of the module 🙂 . Initially Adobe did a bad job on default settings for ORM, which made it harder to understand and Lucee ruined my ORM setup when upgrading from lucee 4 to 5, and it took them several years to fix three lines of code. But nowadays, there is an update for the hibernate engine in Lucee, and more important: the cborm library does a very nice job in hiding the hard parts of database transactions in ORM, and it opens up the Criteria API from hibernate. Once you know how to handle cborm it is a lot faster than quick and it has a different abstraction for your entities. I will leave the details on performance for another post. Just want to mention both quick and cborm have their place, and in this post I will show you which steps you should take to track your database changes with cborm .

Continue reading

Logbox: track your database changes (part 1)

As a former owner and CTO of a webhosting company our support staff and our customers often made changes to DNS and email settings in our CFML customer portal, but this can be a dangerous affair if you don’t know what your are doing . Of course auditing can be done in the database systems, but in that case you’ll often miss specific information such as user ID’s, company names, ip numbers and so on. In other projects a detailed log of our database changes could also be very useful, so in this post I’ll discuss how you can log your changes very easily using Logbox and interceptors in a coldbox application.

Continue reading

Logbox: modify your message format.

In my previous post I explained some of the basics of Logbox, including the use of appenders. An appender is just a component which takes care of sending your log messages to some message repository, such as a file, console, socket, email, database and so on. Logbox is very handy because it has a standard format to send your log messages and optionally extra info. But sometimes you want to send extra information and show it in a nice format in your logs. Logbox has two ways to modify the output: Layout components and custom appenders.
In most cases Logbox is sending the following information

  • Message
  • ExtraInfo (any data)
  • Severity (from FATAL to DEBUG)
  • Category
  • Logdate
  • Appendername

Not all information is written to the target repository, this is depending on the appender. Some targets have their own logging dates, or they are missing some of the severities (like DEBUG). The DummyAppender is not even writing anything at all! So your appender determines what gets written and in what format.

Sometimes we want more. Most of my applications need authentication, so I would like to see the username in my logs. Other applications are multi-tenant, so I would like to see the tenant code (and the username) in my log. So how can I make sure my tenant code and username will be added to the LogEvent? And how can I write both properties to my log repository?

Continue reading

Logbox: basic concepts and configuration

As mentioned in my previous post it might be a bit overwhelming when you want to start logging with coldbox. So why not just appending some information to a file instead? There’s a few reasons for this:

  • standards: Logbox has a standard way of sending information to a logging source, so you don’t have to rewrite your code if your loggin requirements change. There are several logging levels (severity), more on that later. And configuration can be done in one central place if you want.
  • performance: Logbox has some standard async loggers. This is a performance benefit, your code will not wait until your logging is finished
  • reusability. This has a a lot in common with the first bullet on standards. All coldbox framework code and many libraries are using logbox. So if you know how to configure Logbox, you can tap into all info which will be logged by framework and other library code.
  • flexibility: Logbox allows you to enable debug logging or suppress other logging level for any part of your own code, the coldbox framework or installed modules. And it allows you to send debugging info to any repository you want. You can even create your own logging methods.

In this post I will show you how to add simple logging capabilities to a coldbox application. I will explain all concepts of Logbox in detail, but I will start with the short version:

  • create a Logbox struct in your coldbox configuration file with keys for appenders (required), root logger (also required), categories (optional but very useful) and the related keys debug, info, warning, error, fatal and off, which are all used to set maximum logging levels for certain categories
  • add at least one appender to your appenders array. There are many appenders such as file appenders, database appenders, console appenders and more. Each appender has at least a class name and some properties which may vary based on the type of appender
  • add a root logger. This root logger is some kind of default category. If you create a a named logger, which is a logger for a category it will try to find a logger configuration for this category and if it doesn’t find the category or a parent category it will use this root logger config. A root logger has an appenders property where you can specify to which appenders the message will be sent, and a levelMin (default=FATAL) and levelMax (default=DEBUG) property to specify which level of messages will be allowed for this category.
  • add some (named) categories. This is optional, but makes live easier if you want to modify logging behaviour for parts of your application, like sending it to other appenders or restricting your logging to certain levels.
  • add some impliciet categories. this is done by using the keys debug, info, warning, error, fatal and off to specify a maximum level for certain categories.

Your config will look a bit like this ( only with some real values…. ) :

//LogBox DSL
logBox = {
    // The configuration file without fileextension to use for operation, instead of using this structure
    configFile = "config/LogBox", 
    // Appenders
    appenders = {
        appenderName = {
                name  = value,
                prop2 = value 2
    // Root Logger
    root = {levelMin="FATAL", levelMax="DEBUG", appenders="*"},
    // Granular Categories
    categories = {
        "coldbox.system" = { levelMin="FATAL", levelMax="INFO", appenders="*"},
        "" = { levelMax="DEBUG", appenders="console"}
    // Implicit categories
    debug  = ["coldbox.system.interceptors"],
    info   = ["model.class", "model2.class2"],
    warn   = ["model.class", "model2.class2"],
    error  = ["model.class", "model2.class2"],
    fatal  = ["model.class", "model2.class2"],
    off    = ["model.class", "model2.class2"]

Now you can start logging. In a model the most flexible way to do this is by wirebox injection, e.g

property name="log" inject="logbox:logger:{this}";
property name="myLog" inject="logbox:logger:models.sub.myService";
property name="perfLog" inject="logbox:logger:performance";

In a handler or interceptor it is even easier. You can do the same injections to create named loggers, but there is also a preconfigured logger called log so you can just start logging by calling"Hi there");
log.fatal("Terrible crash!");

So now you know how to start logging I will explain some concepts and some stuff which is confusing or unclear in the Logbox manual.

Continue reading

Logbox for dummies

Almost every application needs logging. Instead of writing your own logic in cfml applications it is a lot easier to use Logbox. It is based on the concepts of the Apache Log4J library. Logbox makes it easy to log messages to a file, a database, email, sockets and many more destinations, and it even allows you to write your own code for special logging targets.

Logbox can be used standalone so you are not limited to coldbox applications. It is very flexible and you can create many different loggers. For so far the good news. The bad news? Well, it is not really really bad, but I think the logbox documentation is confusing in some places. I have been using Logbox for a very long time, but even though I can create my own code for logging I was always struggling to get it right, so every component was logging in the right places and at the desired logging level.
There is a lot of documentation for logbox and log4j but a non-native english speaker like me is missing a good starting point and an explanation of the basic components. So I decided to ask around in some slack channels and read some Logbox source code, so after 10+ years I finally took some time to investigate Logbox a bit better, so now I understand all details. I want to share this in a few posts. Topics I will address:

  • basic configuration : logbox, loggers, appenders, categories and severity levels.
  • how to extend logging capabilities by creating your own appender.
  • a very simple way to display all logging details in our applications.
  • some logging examples: audit logging of your database changes, condition logging of performance

So in my next post I will start with the basic concepts of Logbox

© 2023

Theme by Anders NorenUp ↑