Menu
I need to log events into the syslog.
I use lo4j2 and the syslog appender.
My appenders block in log4j2.xml looks like this:
<appenders>
<Console name="Console" target="SYSTEM_OUT">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Console>
<Syslog name="syslog" host="localhost" port="514" protocol="UDP" charset="ISO-8859-1">
</Syslog>
<RollingFile name="AppLog" fileName="/var/log/app.log"
filePattern="/var/log/$${date:yyyy-MM}/app-%d{MM-dd-yyyy}-%i.log.gz">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
<Policies>
<TimeBasedTriggeringPolicy/>
</Policies>
</RollingFile>
</appenders>
As you can see I have a Console appender and RollingFile appender with a specific PatternLayout. I want to use the same PatternLayout for the Syslog appender. However, the log messages in the syslog seem to always use a predefined layout. I tried to do the following:
<Syslog name="syslog" host="localhost" port="514" protocol="UDP" charset="ISO-8859-1">
<PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
</Syslog>
But this does not have any effect. the syslog messages still have the same predfined format.
How can I determine the format of my log messages that go into the syslog?
712
PatternLayout to format your logging information. The PatternLayout class extends the abstract org. apache. log4j. Layout class and overrides the format() method to structure the logging information according to a supplied pattern.
"SyslogAppender is a SocketAppender that writes its output to a remote destination specified by a host and port in a format that conforms with either the BSD Syslog format or the RFC 5424" http://logging.apache.org/log4j/2.x/manual/appenders.html#SyslogAppender. However, it does allow you to specify "format = RFC 5424"
Log4j2 RollingFileAppender is an OutputStreamAppender that writes log messages to files, following a configured triggering policy about when a rollover (backup) should occur. It also has a configured rollover strategy about how to rollover the file.
As mentioned in this log4j2 bug report, the developers of log4j2 coded the SyslogAppender as a SocketAppender hardwired to a SyslogLayout
because it is intended to conform to either the original syslog format or RFC 5424. No other Layout should be permitted.
They unfortunately did not realize that the RFC 5424 specifications do not enforce any particular format for the message contained in the log, that in the Log4j2 implementation is only the %m portion of the log.
To solve this issue, a solution (suggested in the same bug report) is to reproduce the syslog format using a PatternLayout inside a SocketAppender, like so
<Socket name="SYSLOG" host="localhost" port="514" protocol="UDP">
<PatternLayout
pattern="<1>%d{MMM dd HH:mm:ss} ${hostName} appName: {
"host":"${hostName}",
"thread":"%t",
"level":"%p",
"logger":"%c{1}",
"line":%L,
"message":"%enc{%m}",
"exception":"%exception"
}%n"
/>
</Socket>
This will write well-formatted RFC5424 logs to local 514 port through UDP. Following is a sample log output:
Sep 14 10:40:50 app-hostname app-name: { "host":"host-name-01", "thread":"http-nio-8080-exec-4", "level":"DEBUG", "logger":"ExecuteTimeInterceptor", "line":52, "message":"GET /health 200 served in 3", "exception":"" }
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
