I have my server/default/conf/log4j.xml file configured to email me (via the SMTPAppender) if an error occurs in the server. This usually works just fine and I get appropriate errors. However, during routine vulnerability security scans from my cooperate IT department, I get spammed with thousands of emails caused by the errors the scan generates.
Does anyone else have a similar problem or a more elegant solution other than just turning off the log4j during the scan? Specifically, I'm interested in an intelligent appender which would would not log errors generated by requests from specific IPs. Of course, the log4j appender API doesn't have access to this type of HTTP information, so I imagine that I would have to store the request IP in a ThreadLocal, but I'm not sure where the best place to do this (maybe a Tomcat valve?)
Any help is appreciated