/local/release/ESM-1.7.0-T2/snmp # cat log4j.properties
log4j.rootLogger=INFO, SYSLOG, I
#log4j.rootLogger=DEBUG, D
# configure Syslog facility LOCAL appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.Threshold=INFO
log4j.appender.SYSLOG.SyslogHost=localhost
#log4j.appender.SYSLOG.Facility=LOCAL1
log4j.appender.SYSLOG.FacilityPrinting=true
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=[%p] %c:%L - %m%n
# File
log4j.appender.I = org.apache.log4j.RollingFileAppender
log4j.appender.I.File = /local/log/snmp/snmp.log4j.log.info
log4j.appender.D = org.apache.log4j.RollingFileAppender
log4j.appender.D.File = /local/log/snmp/snmp.log4j.log.debug
# Control the maximum log file size
log4j.appender.I.MaxFileSize = 1MB
log4j.appender.D.MaxFileSize = 1MB
# Archive log files (one backup file here)
log4j.appender.I.MaxBackupIndex = 10
log4j.appender.D.MaxBackupIndex = 10
log4j.appender.I.layout = org.apache.log4j.PatternLayout
log4j.appender.D.layout = org.apache.log4j.PatternLayout
log4j.appender.I.layout.ConversionPattern = [%d{ISO8601}]%5p%6.6r[%t]%x - %C.%M(%F:%L) - %m%n
log4j.appender.D.layout.ConversionPattern = [%d{ISO8601}]%5p%6.6r[%t]%x - %C.%M(%F:%L) - %m%n
2. Do the following for syslog configuration on the syslog server side:
- Add the corresponding configuration for where the logs will go for the "LOCAL1" facility:
local1.* /var/log/local1.log
- Since Log4j SyslogAppender is using SyslogAppender as the underline class, and SyslogWriter is using DatagramPacket which writes to syslog remotely, the designated syslog daemon needs to enable remote access to it. Make it short - the syslog daemon needs to enable option "-r" in order to receive the logs from Log4j.
- Don't forget to restart syslog service / syslogd daemon after all.
Note that this does not work with the syslog service in busybox. It's a know bug and have not been fixed as of Busybox 1.9.0. In order to have it works in busybox, a different syslog service such as socklog needs to be ported over.
3. Reason why I was writing to both the localhost syslog and a local file:
- With the current architecture I am working on, syslog service is managed via runit . By default, syslogs are logged into the local host. If user configures a syslog server for the device, those logs will be forwarded to the actual destination.
- so in the corresponding runit script, syslogd/socklog daemon will need to be instantiated with both "-r" and "-R" option.
No comments:
Post a Comment