java - transfer logs to remote server with rsyslog and log4j -
i'm trying write logs on central log server log4j syslogappender , rsyslog
my rsyslog version "4.6.2"
first, created templates based on facility names , works. (you can see example below in conf file "local6 , "local2" )
but local0-local7 , user facilities names not enough , have lot of log files (~30) , i'm trying filter messages according content , write specific log "directory/file" structure , fails
i used following configuration:
:msg,contains,"app1" /var/log/%fromhost%/yyy/aplicationname.log my configuration in log4j syslogappender :
log4j.appender.syslog=org.apache.log4j.net.syslogappender log4j.appender.syslog.layout.conversionpattern=app1 %d{yyyy-mm-dd hh:mm:ss} [%p] [%c] %m %n log4j.appender.syslog.facility=user configuration on remote server
#rsyslog v3 config file $modload imuxsock.so # provides support local system logging (e.g. via logger command) $modload imklog.so # provides kernel logging support (previously done rklogd) # provides tcp syslog reception $modload imudp.so $udpserverrun 514 #### global directives #### $actionfiledefaulttemplate rsyslog_traditionalfileformat $template lvl6,"/var/log/%fromhost%/zzz/aaa.log" $template lvl2,"/var/log/%fromhost%/zzz/bbb.log" :msg,contains,"app1" /var/log/%fromhost%/yyy/app1.log #### rules #### *.info;mail.none;authpriv.none;cron.none /var/log/messages authpriv.* /var/log/secure mail.* -/var/log/maillog cron.* /var/log/cron *.emerg * uucp,news.crit /var/log/spooler local7.* /var/log/boot.log local6.* ?lvl6 local2.* ?lvl2 received message on central log server looks :
aug 8 10:50:50 app1 2013-08-08 10:50:50 [error] [anotherlogstuff] anotherlogstuff: test error message
Comments
Post a Comment