Friday, April 20, 2012

Java: Redirecting apache log4j to syslog

1. My log4j.properties file for logging all the "INFO" level messages to both the localhost and a local file (which is  /local/log/snmp/snmp.log4j.log.info).  Six months from now, I will wonder to myself about the reason of writing to the local sylog and also a local file -  scroll down to the end for the answer 

/local/release/ESM-1.7.0-T2/snmp # cat log4j.properties
log4j.rootLogger=INFO, SYSLOG, I
#log4j.rootLogger=DEBUG, D

# configure Syslog facility LOCAL appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.Threshold=INFO
log4j.appender.SYSLOG.SyslogHost=localhost
#log4j.appender.SYSLOG.Facility=LOCAL1
log4j.appender.SYSLOG.FacilityPrinting=true
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=[%p] %c:%L - %m%n

# File
log4j.appender.I = org.apache.log4j.RollingFileAppender
log4j.appender.I.File = /local/log/snmp/snmp.log4j.log.info
log4j.appender.D = org.apache.log4j.RollingFileAppender                     
log4j.appender.D.File = /local/log/snmp/snmp.log4j.log.debug
                                                                             
# Control the maximum log file size
log4j.appender.I.MaxFileSize = 1MB 
log4j.appender.D.MaxFileSize = 1MB
# Archive log files (one backup file here)
log4j.appender.I.MaxBackupIndex = 10      
log4j.appender.D.MaxBackupIndex = 10
log4j.appender.I.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.I.layout.ConversionPattern = [%d{ISO8601}]%5p%6.6r[%t]%x - %C.%M(%F:%L) - %m%n
log4j.appender.D.layout.ConversionPattern = [%d{ISO8601}]%5p%6.6r[%t]%x - %C.%M(%F:%L) - %m%n

2.  Do the following for syslog configuration on the syslog server side:
- Add the corresponding configuration for where the logs will go for the "LOCAL1" facility:

local1.* /var/log/local1.log

- Since Log4j SyslogAppender is using SyslogAppender as the underline class, and SyslogWriter is using DatagramPacket which writes to syslog remotely, the designated syslog daemon needs to enable remote access to it. Make it short - the syslog daemon needs to enable option "-r" in order to receive the logs from Log4j.

- Don't forget to restart syslog service / syslogd daemon after all.

Note that this does not work with the syslog service in busybox. It's a know bug and have not been fixed as of Busybox 1.9.0. In order to have it works in busybox, a different syslog service such as socklog needs to be ported over.


3. Reason why I was writing to both the localhost syslog and a local file: 
- With the current architecture I am working on, syslog service is managed via runit . By default, syslogs are logged into the local host. If user configures a syslog server for the device, those logs will be forwarded to the actual destination.
- so in the corresponding runit script, syslogd/socklog daemon will need to be instantiated with both "-r" and "-R" option.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)