Never though log4j has such a deep knowledge that I didn't know of. I was assign to develop a custom made log level in log4j due to my project must follow OWASP compliance. Read the link here. Interestingly, I got the custom log level done but how could I configure it in log4j? I almost overlook on this. Anyhow this could be done in following way.
log4j.appender.APP.threshold = SECURITY#org.huahsin.util.CustomLogLevel
To log a message on security, this is the way:
logger.log(CustomLogLevel.SECURITY, "blah blah blah");