Exceptions that are thrown while logging is in progress can prevent successful logging unless special care is taken. Failure to account for exceptions during the logging process can cause security vulnerabilities , including denial of service or vulnerabilities that allow such as allowing an attacker to conceal critical security exceptions by preventing them from being logged. Consequently, programs must ensure that data logging continues to operate correctly even when exceptions are thrown during the logging process.
...
Writing such exceptions to the standard error stream is insufficientinadequate for logging purposes. First, the standard error stream may be exhausted, preventing recording of subsequent exceptions. Second, the trust level of the standard error stream may be insufficient for recording certain security critical exceptions or errors without leaking sensitive information. If an I/O error occurs while writing the security exception, the catch clause block will throw an IOException, and the critical security exception will be forgottenlost. Finally, an attacker may attempt to disguise the exception so that it occurs with several other innocuous exceptions.
...
Typically, only one logger is required for the whole entire program.
Exceptions
EXC07-EX0: Some application servers such as IBM's WebSphere automatically log critical security exceptions such as AccessControlException. However, note that such servers may fail to log the entire set of exceptions considered critical in the security model for any particular program. Consequently, programs must appropriately log all critical security exceptions beyond those logged by their application server.
...