I'm unable to write log messages into syslog. Any help would be great. Here is my simple log4j program
import org.apache.log4j.Logger;
import java.io.*;
import java.sql.SQLException;
import java.util.*;

public class log4jExample
{
    /* Get actual class name to be printed on */
    static Logger log = Logger.getLogger(log4jExample.class.getName());

    public static void main(String[] args) throws IOException, SQLException
    {
        log.error("Hello this is an error message");
        log.info("Hello this is an info message");
        log.fatal("Fatal error message");
    }
}
My syslog properties file
# configure the root logger
log4j.rootLogger=INFO, SYSLOG
# configure Syslog facility LOCAL1 appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.threshold=WARN
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.facility=LOCAL4
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=[%p] %c:%L - %m%n
log4j is a popular, reliable, fast and flexible logging framework (APIs) written in Java, distributed under the Apache Software License.
Log4j allows logged messages to contain format strings that reference external information through the Java Naming and Directory Interface (JNDI). This allows information to be remotely retrieved across a variety of protocols, including the Lightweight Directory Access Protocol (LDAP).
Add the following lines to the rsyslog.conf file:
$ModLoad imudp
$UDPServerRun 514
It worked for me.
Need to restart rsyslog after modifications.
The answer from @Sandeep above is the correct one, but it's from 2012 so I wanted to expand a little bit for folks who are using more recent setups. For instance, on Ubuntu 18.04 the /etc/rsyslog.conf file now has data near the top of the file that looks like this:
#################
#### MODULES ####
#################
module(load="imuxsock") # provides support for local system logging
#module(load="immark") # provides --MARK-- message capability
# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")
# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")
Uncommenting the two UDP lines and then running sudo service rsyslog restart worked for me. The Java Log4J Syslog appender (https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/SyslogAppender.html) expects syslog to be listening on UDP port 514 on localhost.
As a potential further security improvement, you may also consider binding to the loopback address so port 514 isn't visible external to the host if you don't need it to be:
input(type="imudp" port="514" address="127.0.0.1")
It's also possible to make this update without having to touch the existing /etc/rsyslog.conf file; instead you can add a new conf file under the /etc/rsyslog.d/ directory, e.g. /etc/rsyslog.d/10-open-upd-port.conf, that only contains these lines:
module(load="imudp")
input(type="imudp" port="514" address="127.0.0.1")
And then restart the rsyslog daemon as described above.
To see whether or not the rsyslog daemon is actively listening on the UDP port 514, I found this command useful as well: sudo lsof -iUDP:514 -nP -c rsyslogd -a (show listeners on port UDP 514 whose command is "rsyslogd").
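As a companion to the loopback-binding advice in the answer above, here is an added example (not code from either answer or from the rsyslog project) that audits rsyslog config files and flags every imudp listener not bound to loopback. The function name audit_imudp and the sample config are constructed for illustration; it assumes each input(...) statement sits on one line and that the legacy $UDPServerAddress directive precedes the $UDPServerRun it applies to.

```shell
#!/bin/sh
# audit_imudp FILE...: list each rsyslog UDP listener and whether it is bound
# to loopback. Handles the RainerScript form  input(type="imudp" ...)  and the
# legacy form  $UDPServerAddress / $UDPServerRun.  (Hypothetical helper name.)
# Limitation: input(...) statements split across several lines are not parsed.
audit_imudp() {
    awk '
    function report(addr, port,    verdict) {
        verdict = (addr == "127.0.0.1" || addr == "::1") ? "LOOPBACK" : "EXPOSED"
        printf "%s %s:%s (%s:%d)\n", verdict, addr, port, FILENAME, FNR
    }
    { sub(/#.*/, "") }                 # ignore comments and commented-out inputs
    /^[ \t]*\$UDPServerAddress[ \t]/ { legacy_addr = $2; next }
    /^[ \t]*\$UDPServerRun[ \t]/ {
        report((legacy_addr == "" ? "*" : legacy_addr), $2); next
    }
    /input\(/ && /type="imudp"/ {
        addr = "*"; port = "514"       # no address= means all interfaces
        if (match($0, /address="[^"]*"/)) addr = substr($0, RSTART + 9, RLENGTH - 10)
        if (match($0, /port="[^"]*"/))    port = substr($0, RSTART + 6, RLENGTH - 7)
        report(addr, port)
    }
    ' "$@"
}

# Constructed sample config: one commented-out input, one exposed, one loopback.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module(load="imudp")
#input(type="imudp" port="514")
input(type="imudp" port="514")
input(type="imudp" port="10514" address="127.0.0.1")
EOF
audit_imudp "$sample"
rm -f "$sample"
```

On a real host, run it as audit_imudp /etc/rsyslog.conf /etc/rsyslog.d/*.conf and treat any EXPOSED line as a listener reachable from other machines unless a firewall blocks it.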