Write the application logs to remote server using Log4j

I need to write [send] my app logs, which are written by the File Appender of my Log4j, to a remote server [for Elasticsearch purposes], other than the one where my application is currently running.

How can I do this? Is there a separate appender or configuration for this use case?

I know that the GELF appender can push a few selected values to the ELK server.

<Gelf name="gelf" host="udp:34.yyx.yz.xxx" port="1514" version="1.0"
      extractStackTrace="true" filterStackTrace="true" mdcProfiling="true"
      includeFullMdc="true" maximumMessageSize="8192" originHost="%host"
      ignoreExceptions="true">
    <Field name="timestamp" pattern="%d{dd MMM yyyy HH:mm:ss,SSS}" />
    <Field name="level" pattern="%level" />
    <Field name="simpleClassName" pattern="%C{1}" />
    <Field name="className" pattern="%C" />
    <Field name="server.simple" pattern="%host{simple}" />
    <Field name="server.fqdn" pattern="%host{fqdn}" />
    <Field name="application" literal="${env:HOSTNAME}" />
</Gelf>


Is there any other approach so that I could send my app logs to a remote server as a full file?

Upvotes: 0

Views: 550

Answers (1)

Val

Reputation: 217304

It is not necessarily a good idea to have Log4j directly send your logs to a remote system. What happens when your ELK server is down (e.g. for maintenance)?

A much better approach is to leverage Filebeat, whose sole and only job is to tail your log files and send them to your ELK server. If the latter is down for any reason, Filebeat will pause, buffer the logs and retry later. It's a much more robust way of making sure that all your logs eventually make it to your ELK server.

When starting for the first time, Filebeat will identify all the log files you've configured and start reading them from the beginning and send one log line after another to the ELK server. When it's done, it will continue tailing those log files waiting for new log lines to send.

Upvotes: 1
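A `filebeat.yml` sketch of the setup the answer describes, added here as an example and not part of the original answer. The log path, Logstash hostname and certificate paths are placeholders, and the multiline pattern assumes the file appender starts each event with a timestamp in the `dd MMM yyyy HH:mm:ss,SSS` form shown in the question's `timestamp` field.

```yaml
# filebeat.yml (example; every path and hostname below is a placeholder)

filebeat.inputs:
  - type: filestream
    id: app-log4j                      # unique id so Filebeat can track read offsets
    paths:
      - /var/log/myapp/*.log           # placeholder: where the Log4j File Appender writes
    parsers:
      # Java stack traces span several lines. Treat every line that does NOT
      # start with a timestamp as a continuation of the previous event.
      # Assumed layout: "05 Mar 2024 10:15:30,123 ..." (dd MMM yyyy HH:mm:ss,SSS)
      - multiline:
          type: pattern
          pattern: '^\d{2} [A-Za-z]{3} \d{4} \d{2}:\d{2}:\d{2},\d{3}'
          negate: true
          match: after
    fields:
      application: myapp               # placeholder label added to each event
    fields_under_root: true

# Ship to Logstash over TLS so log contents (which often include user data,
# tokens or stack traces) are not sent across the network in clear text.
output.logstash:
  hosts: ["logstash.example.internal:5044"]                  # placeholder host
  ssl.certificate_authorities: ["/etc/filebeat/ca.pem"]      # CA that signed the server cert
  ssl.certificate: "/etc/filebeat/filebeat.crt"              # client cert for mutual TLS
  ssl.key: "/etc/filebeat/filebeat.key"
  ssl.verification_mode: full                                # verify chain and hostname
  # When the server is unreachable, Filebeat keeps its file offsets and
  # retries with exponential backoff between these bounds.
  backoff.init: 1s
  backoff.max: 60s
```

The application keeps logging to local files with its existing File Appender; Filebeat runs as a separate process on the same host and resumes from its recorded offsets after an outage or restart.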
