diff --git a/Dockerfile b/Dockerfile
index 4592efc..488e960 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -14,10 +14,11 @@ FROM base
 # this will assume whatever FROM_TAG was set in first stage above
 ARG FROM_TAG
 
-ARG DEBUG=
+ARG DEBUG
 ARG LABKEY_VERSION
 ARG LABKEY_DISTRIBUTION
 ARG LABKEY_EK
+ARG LOG4J_CONFIG_OVERRIDE
 
 # dependent ENVs declared separately
 ENV POSTGRES_USER="postgres" \
@@ -35,11 +36,11 @@ ENV DEBUG="${DEBUG}" \
     \
     CATALINA_HOME="${TOMCAT_BASE_DIR}" \
     \
-    POSTGRES_PASSWORD= \
+    POSTGRES_PASSWORD="" \
     POSTGRES_HOST="localhost" \
     POSTGRES_PORT="5432" \
     POSTGRES_DB="${POSTGRES_USER}" \
-    POSTGRES_PARAMETERS= \
+    POSTGRES_PARAMETERS="" \
     \
     POSTGRES_MAX_TOTAL_CONNECTIONS=50 \
     POSTGRES_MAX_IDLE_CONNECTIONS=10 \
@@ -57,16 +58,16 @@ ENV DEBUG="${DEBUG}" \
     LABKEY_SYSTEM_DESCRIPTION="${LABKEY_SYSTEM_SHORT_NAME}" \
     LABKEY_BASE_SERVER_URL="https://${LABKEY_DEFAULT_DOMAIN}:${LABKEY_PORT}" \
     \
-    LABKEY_STARTUP_BASIC_EXTRA= \
-    LABKEY_STARTUP_DISTRIBUTION_EXTRA= \
+    LABKEY_STARTUP_BASIC_EXTRA="" \
+    LABKEY_STARTUP_DISTRIBUTION_EXTRA="" \
     \
-    LABKEY_CREATE_INITIAL_USER= \
+    LABKEY_CREATE_INITIAL_USER="" \
     LABKEY_INITIAL_USER_EMAIL="toor@localhost" \
     LABKEY_INITIAL_USER_ROLE="SiteAdminRole" \
     LABKEY_INITIAL_USER_GROUP="Administrators" \
     \
-    LABKEY_CREATE_INITIAL_USER_APIKEY= \
-    LABKEY_INITIAL_USER_APIKEY= \
+    LABKEY_CREATE_INITIAL_USER_APIKEY="" \
+    LABKEY_INITIAL_USER_APIKEY="" \
     \
     LOG_LEVEL_TOMCAT="OFF" \
     LOG_LEVEL_SPRING_WEB="OFF" \
@@ -80,7 +81,7 @@ ENV DEBUG="${DEBUG}" \
     TOMCAT_SSL_ENABLED_PROTOCOLS="TLSv1.3,TLSv1.2" \
     TOMCAT_SSL_PROTOCOL="TLS" \
     \
-    TOMCAT_ENABLE_ACCESS_LOG= 
+    TOMCAT_ENABLE_ACCESS_LOG=""
 
 ENV CERT_C="US" \
     CERT_ST="Washington" \
@@ -92,25 +93,25 @@ ENV CERT_C="US" \
     SMTP_HOST="localhost" \
     SMTP_USER="root" \
     SMTP_PORT="25" \
-    SMTP_PASSWORD= \
+    SMTP_PASSWORD="" \
     SMTP_FROM="${LABKEY_SYSTEM_EMAIL_ADDRESS}" \
-    SMTP_STARTTLS= \
+    SMTP_STARTTLS="" \
     SMTP_AUTH="false" \
     \
     MAX_JVM_RAM_PERCENT="90.0" \
     \
-    JAVA_PRE_JAR_EXTRA= \
-    JAVA_POST_JAR_EXTRA= \
+    JAVA_PRE_JAR_EXTRA="" \
+    JAVA_POST_JAR_EXTRA="" \
     JAVA_TMPDIR="/var/tmp" \
     JAVA_TIMEZONE="America/Los_Angeles" \
     \
     LOGGER_PATTERN="%-40.40logger{39}" \
-    LOG_LEVEL_DEFAULT= \
+    LOG_LEVEL_DEFAULT="" \
     \
-    LOG_LEVEL_LABKEY_DEFAULT= \
-    LOG_LEVEL_API_MODULELOADER= \
-    LOG_LEVEL_API_SETTINGS= \
-    LOG_LEVEL_API_PIPELINE=
+    LOG_LEVEL_LABKEY_DEFAULT="" \
+    LOG_LEVEL_API_MODULELOADER="" \
+    LOG_LEVEL_API_SETTINGS="" \
+    LOG_LEVEL_API_PIPELINE=""
 
 COPY entrypoint.sh /entrypoint.sh
 
@@ -212,7 +213,7 @@ COPY "startup/${LABKEY_DISTRIBUTION}.properties" \
     startup/49_distribution.properties
 
 # add logging config files
-COPY log4j2.xml log4j2.xml
+COPY "${LOG4J_CONFIG_OVERRIDE}" "config/${LOG4J_CONFIG_OVERRIDE}"
 
 # add aws cli & make it owned by labkey user so it can all be deleted after s3 downloads in entrypoint.sh
 RUN mkdir -p /usr/src/awsclizip "${LABKEY_HOME}/awsclibin" "${LABKEY_HOME}/aws-cli" \
diff --git a/Makefile b/Makefile
index 2871718..85a85cf 100644
--- a/Makefile
+++ b/Makefile
@@ -25,6 +25,8 @@ LABKEY_VERSION ?= 21.5-SNAPSHOT
 LABKEY_DISTRIBUTION ?= community
 LABKEY_EK ?= 123abc456
 
+LOG4J_CONFIG_OVERRIDE ?= default.log4j2.xml
+
 BUILD_ARCHITECTURE ?= linux/amd64
 
 # repo/image:tags must be lowercase
@@ -69,6 +71,7 @@ build:
 		--build-arg 'LABKEY_VERSION=$(LABKEY_VERSION)' \
 		--build-arg 'LABKEY_DISTRIBUTION=$(BUILD_DISTRIBUTION)' \
 		--build-arg 'LABKEY_EK=$(LABKEY_EK)' \
+		--build-arg 'LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}' \
 		.
 
 login:
@@ -101,27 +104,27 @@ push:
 
 up:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit ${BUILD_DISTRIBUTION} \
-			|| docker-compose stop ${BUILD_DISTRIBUTION} pg-${BUILD_DISTRIBUTION}
+	docker compose up --abort-on-container-exit ${BUILD_DISTRIBUTION} \
+			|| docker compose stop ${BUILD_DISTRIBUTION} pg-${BUILD_DISTRIBUTION}
 
 up-allpg:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit allpg \
-			|| docker-compose stop allpg pg-allpg
+	docker compose up --abort-on-container-exit allpg \
+			|| docker compose stop allpg pg-allpg
 
 up-enterprise:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit enterprise \
-			|| docker-compose stop enterprise pg-enterprise
+	docker compose up --abort-on-container-exit enterprise \
+			|| docker compose stop enterprise pg-enterprise
 
 up-lims_starter:
 	$(call tc,bringing up compose)
-	docker-compose up --abort-on-container-exit lims_starter \
-			|| docker-compose stop lims_starter pg-lims_starter
+	docker compose up --abort-on-container-exit lims_starter \
+			|| docker compose stop lims_starter pg-lims_starter
 
 down:
 	$(call tc,tearing down compose)
-	docker-compose down -v --remove-orphans
+	docker compose down -v --remove-orphans
 
 clean:
 	docker images | grep -E '$(BUILD_REPO_NAME)|<none>' \
@@ -131,13 +134,13 @@ clean:
 
 test: down
 	$(call tc,running smoke tests)
-	IDENT=${BUILD_DISTRIBUTION} docker-compose up --detach ${BUILD_DISTRIBUTION};
+	IDENT=${BUILD_DISTRIBUTION} docker compose up --detach ${BUILD_DISTRIBUTION};
 	@./smoke.bash \
 		&& printf "##teamcity[progressMessage '%s']\n" 'smoke test succeeded' \
 		|| printf "##teamcity[buildProblem description='%s' identity='%s']\n" \
 			'smoke test failed' \
 			'failure'
-	IDENT=${BUILD_DISTRIBUTION} docker-compose down -v
+	IDENT=${BUILD_DISTRIBUTION} docker compose down -v
 
 pull: login
 	docker pull $(BUILD_REMOTE_REPO):$(PULL_TAG)
diff --git a/README.md b/README.md
index fcb2f7e..327efbb 100644
--- a/README.md
+++ b/README.md
@@ -13,6 +13,9 @@ The policy itself can be overriden with an `optional.application.properties` fil
 
 CSP_REPORT and CSP_ENFORCE environment variables have been removed.
 
+## log4j2.xml
+March 2025 brings a new implementation of log4j2.xml. We're now using the default configuration from the [server repo](https://github.com/LabKey/server/blob/develop/server/embedded/src/main/resources/log4j2.xml), and overriding that as needed with the local file identified in the `LOG4J_CONFIG_OVERRIDE` environment variable. By default this is an empty file that makes no changes, which is due to some complications of the Docker `COPY` command. During startup, entrypoint.sh copies the local files into the configs directory after the jar has been opened up.
+
 ## Upgrading from 23.11 to 24.3
 March 2024 saw [many changes](https://github.com/LabKey/Dockerfile/commits/24.3.0) in an effort to bring this repo in line with LabKey server versioning/releases, starting with v24.3, in which the embedded tomcat version has been upgraded from 9 to 10. 
 
@@ -165,19 +168,21 @@ A better description of the LabKey settings can be found in the LabKey docs [her
 
 `LABKEY_GUID` is only relevant if you are attempting to created/run a container destined to connect to a pre-existing database belonging to a pre-existing LabKey.
 
-| name                        | purpose                                                                                                  | default                  |
-| --------------------------- | -------------------------------------------------------------------------------------------------------- | ------------------------ |
-| LABKEY_BASE_SERVER_URL      | full URI LabKey will use to refer to itself                                                              | `https://localhost:8443` |
-| LABKEY_COMPANY_NAME         | name of your organization; appears in emails                                                             | `Sirius Cybernetics`     |
-| LABKEY_DEFAULT_DOMAIN       | (DNS) domain where the LabKey server resides                                                             | `localhost`              |
-| LABKEY_DISTRIBUTION         | "flavor" of labkey;                                                                                      | `community`              |
-| LABKEY_FILES_ROOT           | path within which will serve as the root of the "files" directory                                        | `/labkey/files`          |
-| LABKEY_GUID                 | LabKey [server GUID](https://www.labkey.org/Documentation/wiki-page.view?name=stagingServerTips#guid)    | `<empty>`                |
-| LABKEY_EK                  | LabKey [encryption key](https://www.labkey.org/Documentation/wiki-page.view?name=cpasxml#encrypt) | `123abc456`                |
-| LABKEY_PORT                 | port to which labkey will bind within the container                                                      | `8443`                   |
-| LABKEY_SYSTEM_DESCRIPTION   | brief description of server; appears in emails                                                           | `Sirius Cybernetics`     |
-| LABKEY_SYSTEM_EMAIL_ADDRESS | email address system email will be sent "from"                                                           | `do_not_reply@localhost` |
-| LABKEY_SYSTEM_SHORT_NAME    | name of server displayed in header                                                                       | `Sirius Cybernetics`     |
+| name                        | purpose                                                                                               | default                  |
+|-----------------------------|-------------------------------------------------------------------------------------------------------|--------------------------|
+| LABKEY_BASE_SERVER_URL      | full URI LabKey will use to refer to itself                                                           | `https://localhost:8443` |
+| LABKEY_COMPANY_NAME         | name of your organization; appears in emails                                                          | `Sirius Cybernetics`     |
+| LABKEY_DEFAULT_DOMAIN       | (DNS) domain where the LabKey server resides                                                          | `localhost`              |
+| LABKEY_DISTRIBUTION         | "flavor" of labkey;                                                                                   | `community`              |
+| LABKEY_FILES_ROOT           | path within which will serve as the root of the "files" directory                                     | `/labkey/files`          |
+| LABKEY_GUID                 | LabKey [server GUID](https://www.labkey.org/Documentation/wiki-page.view?name=stagingServerTips#guid) | `<empty>`                |
+| LABKEY_EK                   | LabKey [encryption key](https://www.labkey.org/Documentation/wiki-page.view?name=cpasxml#encrypt)     | `123abc456`              |
+| LABKEY_PORT                 | port to which labkey will bind within the container                                                   | `8443`                   |
+| LABKEY_SYSTEM_DESCRIPTION   | brief description of server; appears in emails                                                        | `Sirius Cybernetics`     |
+| LABKEY_SYSTEM_EMAIL_ADDRESS | email address system email will be sent "from"                                                        | `do_not_reply@localhost` |
+| LABKEY_SYSTEM_SHORT_NAME    | name of server displayed in header                                                                    | `Sirius Cybernetics`     |
+| LOG4J_CONFIG_OVERRIDE       | Filename for a file that provides logging configuration overrides                                     | `default.log4j.xml`      |
+
 
 You can optionally bypass the initial user creation "wizard" by creating an initial user using the following environment variables. **At time of writing, there is no way to set the initial user's password.** Assuming valid SMTP configuration, the "forgot password" link can be used to accomplish this. Additionally, an API can be created for that user. If both `LABKEY_CREATE_INITIAL_USER` & `LABKEY_CREATE_INITIAL_USER_APIKEY` are set to a values other than empty strings, but `LABKEY_INITIAL_USER_APIKEY` is not set, a randomly generated string will be used. Setting `LABKEY_CREATE_INITIAL_USER_APIKEY` without having set `LABKEY_CREATE_INITIAL_USER` will result in NO initial user being added.
 
diff --git a/default.log4j2.xml b/default.log4j2.xml
new file mode 100644
index 0000000..e69de29
diff --git a/docker-compose.yml b/docker-compose.yml
index 10b6d0f..adfeedc 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -83,6 +83,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}      
       - SLEEP=${SLEEP:-0}
@@ -196,6 +197,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}
@@ -307,6 +309,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}
@@ -419,6 +422,7 @@ services:
       - LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI=${LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI}
       - LABKEY_DEFAULT_PROPERTIES_S3_URI=${LABKEY_DEFAULT_PROPERTIES_S3_URI}
       - LOG4J_CONFIG_FILE=${LOG4J_CONFIG_FILE-log4j2.xml}
+      - LOG4J_CONFIG_OVERRIDE=${LOG4J_CONFIG_OVERRIDE}
       - JSON_OUTPUT=${JSON_OUTPUT-false}
       - DD_COLLECT_APM=${DD_COLLECT_APM-false}
       - SLEEP=${SLEEP:-0}
diff --git a/entrypoint.sh b/entrypoint.sh
index 5665132..702b67f 100755
--- a/entrypoint.sh
+++ b/entrypoint.sh
@@ -224,13 +224,14 @@ main() {
 
   sed -i "s/@@encryptionKey@@/${LABKEY_EK}/" config/application.properties
 
-  if [ "$JSON_OUTPUT" = "true" ] && [ "$LOG4J_CONFIG_FILE" = "log4j2.xml" ]; then
-    echo "JSON_OUTPUT==true && LOG4J_CONFIG_FILE==log4j2.xml, so updating application.properties and log4j2.xml to output JSON to console"
-    sed -i '/<!-- p=priority c=category d=datetime t=thread m=message n=newline -->/d' $LOG4J_CONFIG_FILE
-    sed -i 's/<PatternLayout.*\/>/<JSONLayout compact="true" eventEol="true" properties="true" stacktraceAsString="true" \/>/' $LOG4J_CONFIG_FILE
-    sed -i 's/^logging.pattern.console/# logging.pattern.console/' config/application.properties
+  # TODO: do we need the JSON check anymore? should we just take the override if it is set?
+  # Check if we want JSON output, we are using the base log4j2.xml config, and have an override config to use
+  if [ "${JSON_OUTPUT}" = "true" ] && [ "${LOG4J_CONFIG_FILE}" = "log4j2.xml" ] && [ -s "config/${LOG4J_CONFIG_OVERRIDE}" ]; then
+    echo "JSON_OUTPUT==true && LOG4J_CONFIG_FILE==log4j2.xml && LOG4J_CONFIG_OVERRIDE is set, so updating application.properties and log4j2.xml to output JSON to console"
+    LOG4J_CONFIG_FILE="${LOG4J_CONFIG_FILE:=log4j2.xml},config/${LOG4J_CONFIG_OVERRIDE}"
+    echo "Log4j configuration files: $LOG4J_CONFIG_FILE"
   else
-    echo "saw JSON_OUTPUT=$JSON_OUTPUT and LOG4J_CONFIG_FILE=$LOG4J_CONFIG_FILE"
+    echo "saw JSON_OUTPUT=$JSON_OUTPUT and LOG4J_CONFIG_FILE=$LOG4J_CONFIG_FILE and LOG4J_CONFIG_OVERRIDE=$LOG4J_CONFIG_OVERRIDE"
   fi
 
   export DD_JAVA_AGENT=""
diff --git a/labkey.log4j2.xml b/labkey.log4j2.xml
new file mode 100644
index 0000000..8d03def
--- /dev/null
+++ b/labkey.log4j2.xml
@@ -0,0 +1,46 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Configuration packages="org.labkey.api.util,org.labkey.embedded">
+
+    <Appenders>
+        <Console name="CONSOLE" target="SYSTEM_OUT">
+            <JSONLayout compact="true" eventEol="true" properties="true" stacktraceAsString="true" />
+        </Console>
+    </Appenders>
+
+    <Loggers>
+        <Logger name="org.labkey.api.script.ScriptService.Console" additivity="false" level="info">
+            <AppenderRef ref="SessionAppender"/>
+        </Logger>
+
+        <Logger name="org.fhcrc" level="info" />
+        <Logger name="org.labkey" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}" />
+
+        <!--        Override the additivity -->
+        <Logger name="org.labkey.api.util.DebugInfoDumper" additivity="false" level="debug">
+            <AppenderRef ref="THREAD_DUMP"/>
+        </Logger>
+
+        <!-- Override the additivity, and output to Console -->
+        <Logger name="org.labkey.core.admin.AdminController.ContentSecurityPolicyReportAction" additivity="false" level="warn">
+            <AppenderRef ref="CSP_REPORT" />
+            <AppenderRef ref="CONSOLE" />
+        </Logger>
+
+        <!--        Override the additivity -->
+        <Logger name="org.labkey.core.admin.ActionsTsvWriter" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
+            <AppenderRef ref="ACTION_STATS"/>
+        </Logger>
+
+        <!--        Override the output level -->
+        <Logger name="org.labkey.api.data.queryprofiler.QueryProfiler.QueryProfilerThread" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
+            <AppenderRef ref="QUERY_STATS"/>
+        </Logger>
+
+        <!-- Override the audit log behavior -->
+<!--        <Logger name="org.labkey.audit.event" additivity="false" level="OFF">-->
+<!--            <AppenderRef ref="LABKEY_AUDIT"/>-->
+<!--            <AppenderRef ref="CONSOLE" />-->
+<!--        </Logger>-->
+    </Loggers>
+</Configuration>
diff --git a/log4j2.xml b/log4j2.xml
deleted file mode 100644
index 34c6d70..0000000
--- a/log4j2.xml
+++ /dev/null
@@ -1,344 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" ?>
-
-<Configuration packages="org.labkey.api.util,org.labkey.embedded">
-
-    <Appenders>
-        <Console name="CONSOLE" target="SYSTEM_OUT">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout pattern="%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n" />
-
-            <!-- <JSONLayout compact="true" eventEol="true" properties="true" stacktraceAsString="true" /> -->
-
-        </Console>
-
-        <RollingFile name="ERRORS"
-                     fileName="${sys:labkey.log.home}/labkey-errors.log"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey-errors.log.%i">
-            <ThresholdFilter level="ERROR" onMatch="ACCEPT" onMismatch="DENY"/>
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline   -->
-            <PatternLayout>
-                <Pattern>%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <OnStartupTriggeringPolicy />
-                <SizeBasedTriggeringPolicy size="100 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min">
-                <LabKeyDelete basePath="${sys:labkey.log.home}">
-                </LabKeyDelete>
-            </DefaultRolloverStrategy>
-        </RollingFile>
-
-        <RollingFile name="ACTION_STATS"
-                     fileName="${sys:labkey.log.home}/labkey-action-stats.tsv"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey-action-stats.tsv.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <OnStartupTriggeringPolicy />
-                <SizeBasedTriggeringPolicy size="100 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy max="3" fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="QUERY_STATS"
-                     fileName="${sys:labkey.log.home}/labkey-query-stats.tsv"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey-query-stats.tsv.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <OnStartupTriggeringPolicy />
-                <SizeBasedTriggeringPolicy size="100 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy max="3" fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="LABKEY"
-                     fileName="${sys:labkey.log.home}/labkey.log"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey.log.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="LABKEY_AUDIT"
-                     fileName="${sys:labkey.log.home}/labkey-audit.log"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey-audit.log.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min" />
-        </RollingFile>
-
-        <SessionAppender name="SessionAppender">
-            <PatternLayout>
-                <Pattern>%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n</Pattern>
-            </PatternLayout>
-        </SessionAppender>
-
-        <RollingFile name="LABKEYMemory"
-                     fileName="${sys:labkey.log.home}/labkeyMemory.log"
-                     append="true"
-                     filePattern="${sys:labkey.log.home}/labkeyMemory.log.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%d{yyyy-MM-dd HH:mm:ss}%m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="1000 KB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="THREAD_DUMP"
-                     fileName="${sys:labkey.log.home}/thread-dump.log"
-                     append="true"
-                     filePattern="${sys:labkey.log.home}/thread-dump.log.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="CSP_REPORT"
-                     fileName="${sys:labkey.log.home}/csp-report.log"
-                     append="true"
-                     filePattern="${sys:labkey.log.home}/csp-report.log.%i">
-            <!-- p=priority c=category d=datetime t=thread m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%-5p %-24.24c{1} %d{ISO8601} %24.24t : %m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="10 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy fileIndex="min" />
-        </RollingFile>
-
-        <RollingFile name="INDEXED_DOCUMENTS"
-                     fileName="${sys:labkey.log.home}/labkey-indexed-documents.log"
-                     append="true"
-                     bufferedIO="false"
-                     filePattern="${sys:labkey.log.home}/labkey-indexed-documents.log.%i">
-            <!-- d=datetime m=message n=newline -->
-            <PatternLayout>
-                <Pattern>%d{ISO8601} %m%n</Pattern>
-            </PatternLayout>
-            <Policies>
-                <SizeBasedTriggeringPolicy size="1 MB"/>
-            </Policies>
-            <DefaultRolloverStrategy max="3" fileIndex="min" />
-        </RollingFile>
-
-    </Appenders>
-
-    <Loggers>
-        <!--
-            Set all packages to INFO level (org.labkey, org.fhcrc, third-party dependencies) by default
-            and send errors to the labkey-errors.log as well.
-        -->
-        <Root level="info">
-            <AppenderRef ref="CONSOLE"/>
-            <AppenderRef ref="LABKEY"/>
-            <AppenderRef ref="ERRORS"/>
-        </Root>
-
-        <!-- category for server side script messages -->
-        <Logger name="org.labkey.api.script.ScriptService.Console" additivity="false" level="info">
-            <AppenderRef ref="SessionAppender"/>
-        </Logger>
-
-        <!-- category for Mule messages -->
-        <Logger name="org.mule.MuleManager" level="info"/>
-
-        <!--
-            <Logger name="org.labkey.pipeline.mule.transformers" level="debug"/>
-        -->
-
-        <!-- category for jasper messages -->
-        <Logger name="org.apache.jasper" level="warn"/>
-
-        <!-- application classes -->
-        <Logger name="org.fhcrc" level="info"/>
-
-        <Logger name="org.labkey" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}" />
-
-        <!-- uncomment to enable 'DEBUG' level on external SAML libraries to troubleshoot.
-        Note: you will also have to set dependency on slf4j lib in saml/build.gradle - uncomment 'slf4j' external libraries and build
-        <Logger name="org.opensaml" level="DEBUG">
-            <AppenderRef ref="CONSOLE"/>
-            <AppenderRef ref="LABKEY"/>
-        </Logger>
-
-        <Logger name="org.apache.xml.security" level="DEBUG">
-            <AppenderRef ref="CONSOLE"/>
-            <AppenderRef ref="LABKEY"/>
-        </Logger> -->
-
-        <Logger name="mondrian." level="info" />
-
-        <!--
-            <Logger name="org.labkey.wiki" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.api.action.SpringActionController" level="debug"/>
-        -->
-
-        <!-- only show errors from PipelineJob output -->
-        <Logger name="org.labkey.api.pipeline.PipelineJob" level="error"/>
-
-        <!-- don't need to log PDFBox errors (e.g., FlateFilter, PDCIDFontType2) -->
-        <Logger name="org.apache.pdfbox" level="fatal"/>
-
-        <!-- Suppress EHCache "maxElementsInMemory of 0" warnings, Issue 49593 -->
-        <Logger name="net.sf.ehcache.config.CacheConfiguration" level="error"/>
-
-        <!-- this is a very verbose logger for security/permissions checking -->
-        <!--
-            <Logger name="org.labkey.api.security.SecurityManager" level="debug"/>
-        -->
-
-        <!-- Add specific module packages or classes to get debug information about
-         features you are working on. -->
-
-        <!--
-            <Logger name="org.labkey.api.data.Table" level="debug"/>
-        -->
-
-        <Logger name="org.labkey.api.data" />
-
-        <Logger name="org.labkey.api.dataiterator" />
-
-        <Logger name="org.labkey.docker" >
-            <level value="info"/>
-        </Logger>
-
-        <Logger name="org.labkey.rstudio" level="info"/>
-
-        <!--
-            <Logger name="org.labkey.api.cache" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.api.data.TempTableTracker" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.query" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.pipeline.mule" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.search" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey.search.model.LuceneSearchServiceImpl" level="debug"/>
-        -->
-
-        <Logger name="org.labkey.api.util.MemTracker" additivity="false" level="debug">
-            <AppenderRef ref="LABKEYMemory"/>
-        </Logger>
-
-        <Logger name="org.labkey.api.search.SearchService$SearchCategory" additivity="false" level="info">
-            <AppenderRef ref="INDEXED_DOCUMENTS"/>
-        </Logger>
-
-        <Logger name="org.labkey.api.util.DebugInfoDumper" additivity="false" level="debug">
-            <AppenderRef ref="THREAD_DUMP"/>
-        </Logger>
-
-        <Logger name="org.labkey.core.admin.AdminController.ContentSecurityPolicyReportAction"  additivity="false" level="warn">
-            <AppenderRef ref="CSP_REPORT" />
-            <AppenderRef ref="CONSOLE"/>
-        </Logger>
-
-        <!--
-            <Logger name="org.labkey.api.view.ViewServlet" level="debug"/>
-        -->
-
-        <!--
-            <Logger name="org.labkey" additivity="false" level="debug">
-                <AppenderRef ref="SESSION"/>
-            </Logger>
-         -->
-
-        <Logger name="org.labkey.core.admin.ActionsTsvWriter" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
-            <AppenderRef ref="ACTION_STATS"/>
-        </Logger>
-
-        <Logger name="org.labkey.api.data.queryprofiler.QueryProfiler.QueryProfilerThread" additivity="false" level="${env:LOG_LEVEL_LABKEY_DEFAULT:-INFO}">
-            <AppenderRef ref="QUERY_STATS"/>
-        </Logger>
-
-        <Logger name="org.labkey.audit.event" additivity="false" level="OFF">
-            <AppenderRef ref="LABKEY_AUDIT"/>
-            <AppenderRef ref="CONSOLE"/>
-        </Logger>
-
-        <!--
-          Other audit event types include, but are not limited to:
-            AppPropsEvent
-            AssayPublishAuditEvent
-            AttachmentAuditEvent
-            AuthenticationProviderConfiguration
-            ClientAPIActions
-            ContainerAuditEvent
-            DatasetAuditEvent
-            DomainAuditEvent
-            ExperimentAuditEvent
-            FileSystem
-            FileSystemBatch
-            GroupAuditEvent
-            ListAuditEvent
-            LoggedQuery
-            MessageAuditEvent
-            pipelineProtocolEvent
-            QueryExportAuditEvent
-            QueryUpdateAuditEvent
-            SampleTypeAuditEvent
-            SearchAuditEvent
-            SelectQuery
-         To enable logging of all events, set the level for the org.labkey.audit.event to
-         something other than "OFF". To enable individual audit event logging, configure the
-         individual stanza like the one shown below, where you prefix the audit event type
-         with 'org.labkey.audit.event'. Then set the level to INFO and specify the appenders.
-        -->
-        <Logger name="org.labkey.audit.event.UserAuditEvent" additivity="false" level="OFF">
-            <AppenderRef ref="LABKEY_AUDIT"/>
-            <AppenderRef ref="CONSOLE"/>
-        </Logger>
-
-        <Logger name="NoOpLogger" level="OFF" additivity="false"/>
-    </Loggers>
-</Configuration>
diff --git a/quickstart_envs.sh b/quickstart_envs.sh
index e7cde42..c03ca40 100644
--- a/quickstart_envs.sh
+++ b/quickstart_envs.sh
@@ -3,7 +3,7 @@
 # example minimal set of environment variables to get started - see readme for additional envs you may wish to set
 
 # embedded tomcat LabKey .jar version to build container with
-export LABKEY_VERSION="24.11"
+export LABKEY_VERSION="25.3"
 
 # minimal SMTP settings
 export SMTP_HOST="localhost"
@@ -19,3 +19,5 @@ export LABKEY_CREATE_INITIAL_USER_APIKEY=""
 export LABKEY_DEFAULT_PROPERTIES_S3_URI="none"
 export LABKEY_CUSTOM_PROPERTIES_S3_URI="none"
 export LABKEY_OPTIONAL_APP_PROPERTIES_S3_URI="none"
+
+export LOG4J_CONFIG_OVERRIDE="default.log4j2.xml"