From 6f79d094b80983f36b1b52d4703093f2583ec61e Mon Sep 17 00:00:00 2001
From: Craig Perkins <cwperx@amazon.com>
Date: Fri, 22 Mar 2024 09:33:57 -0400
Subject: [PATCH] Update Log4JSink Default from sgaudit to audit and add test
 for default values (#4146)

Signed-off-by: Craig Perkins <cwperx@amazon.com>
---
 .../org/opensearch/security/auditlog/sink/Log4JSink.java    | 2 +-
 .../opensearch/security/auditlog/sink/SinkProviderTest.java | 6 ++++++
 .../auditlog/endpoints/sink/configuration_all_variants.yml  | 2 ++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/src/main/java/org/opensearch/security/auditlog/sink/Log4JSink.java b/src/main/java/org/opensearch/security/auditlog/sink/Log4JSink.java
index f01043fa21..cf535e48b1 100644
--- a/src/main/java/org/opensearch/security/auditlog/sink/Log4JSink.java
+++ b/src/main/java/org/opensearch/security/auditlog/sink/Log4JSink.java
@@ -27,7 +27,7 @@ public final class Log4JSink extends AuditLogSink {
 
     public Log4JSink(final String name, final Settings settings, final String settingsPrefix, AuditLogSink fallbackSink) {
         super(name, settings, settingsPrefix, fallbackSink);
-        loggerName = settings.get(settingsPrefix + ".log4j.logger_name", "sgaudit");
+        loggerName = settings.get(settingsPrefix + ".log4j.logger_name", "audit");
         auditLogger = LogManager.getLogger(loggerName);
         logLevel = Level.toLevel(settings.get(settingsPrefix + ".log4j.level", "INFO").toUpperCase());
         enabled = auditLogger.isEnabled(logLevel);
diff --git a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTest.java b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTest.java
index 5e3203261f..af8204a5c7 100644
--- a/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTest.java
+++ b/src/test/java/org/opensearch/security/auditlog/sink/SinkProviderTest.java
@@ -88,6 +88,12 @@ public void testConfiguration() throws Exception {
         Assert.assertEquals("loggername", lsink.loggerName);
         Assert.assertEquals(Level.DEBUG, lsink.logLevel);
 
+        sink = provider.getSink("endpoint13");
+        Assert.assertEquals(Log4JSink.class, sink.getClass());
+        lsink = (Log4JSink) sink;
+        Assert.assertEquals("audit", lsink.loggerName);
+        Assert.assertEquals(Level.INFO, lsink.logLevel);
+
     }
 
     @Test
diff --git a/src/test/resources/auditlog/endpoints/sink/configuration_all_variants.yml b/src/test/resources/auditlog/endpoints/sink/configuration_all_variants.yml
index f1c8620e88..82565ee3ec 100644
--- a/src/test/resources/auditlog/endpoints/sink/configuration_all_variants.yml
+++ b/src/test/resources/auditlog/endpoints/sink/configuration_all_variants.yml
@@ -45,3 +45,5 @@ plugins.security:
         config:
           log4j.logger_name: loggername
           log4j.level: invalid
+      endpoint13:
+        type: log4j