Reputation: 11254
We have an application that uses Log4Net for logging. Now we have the problem that we want to change our logging destination to Splunk. I've found several links that describe the use of the standard Log4Net UdpAppender (e.g. this link). I also found some "special" Splunk logging libraries. At the moment I'm a little bit confused about which approach (Log4Net UdpAppender vs Splunk logging libraries) is the best one.
Can somebody explain the pros and cons of the different solutions?
Thx
Upvotes: 0
Views: 2060
Reputation: 207
Splunk best practices say that you should use a syslog server to capture the UDP traffic and log it. You should then install a Splunk Universal Forwarder on the syslog server and have it send to Splunk. The advantage of this is you will not have any gaps in traffic volumes. There are times when you have to restart Splunk for configurations to take place; this will mean Splunk is down and cannot accept UDP messages. If you're in a non-prod environment, you can simply enable Splunk to listen on port 514 and send your UDP traffic to it. UdpAppender is not needed.
Upvotes: 1
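The gap the answer describes can be reproduced on loopback: UDP datagrams sent while the receiver is down are dropped and the sender gets no error. This is an added example, not part of the original answer; the function names and the syslog-style sample lines are constructed, and the local socket only stands in for a Splunk UDP input.

```python
import socket

LOOPBACK = "127.0.0.1"

def _listener(port):
    """Bind a UDP receiver (stand-in for the log receiver's UDP input)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind((LOOPBACK, port))
    s.settimeout(0.3)
    return s

def _drain(sock, expected):
    """Read up to `expected` datagrams, stopping at the first timeout."""
    got = []
    try:
        while len(got) < expected:
            got.append(sock.recv(2048).decode())
    except socket.timeout:
        pass
    return got

def simulate_restart_gap(per_phase=3):
    """Return (sent, received) across up -> restarting -> up phases."""
    receiver = _listener(0)              # port 0: the OS picks a free port
    port = receiver.getsockname()[1]
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sent, received = [], []

    def emit(phase):
        for i in range(per_phase):
            msg = f"<14>app[{phase}]: event {i}"   # constructed sample line
            # sendto() returns normally even when nothing is listening
            sender.sendto(msg.encode(), (LOOPBACK, port))
            sent.append(msg)

    emit("before")
    received += _drain(receiver, per_phase)
    receiver.close()                     # receiver goes down for a restart
    emit("during")                       # no error for the sender, data is gone
    receiver = _listener(port)           # receiver is back on the same port
    emit("after")
    received += _drain(receiver, per_phase)
    receiver.close()
    sender.close()
    return sent, received

def lost_messages():
    """Messages the application sent that the receiver never saw."""
    sent, received = simulate_restart_gap()
    return [m for m in sent if m not in received]
```

A syslog server that stays up in front of the indexer, with a forwarder reading its files, is what closes this window in the setup the answer recommends.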