Reputation: 37106
Syslog doesn't accept syslog messages from application which use syslog4j logback appender
I try to create example.
My java application will use syslog logback appender to write to syslog. I want to up syslog server on my local machine and receive message from application there.
1. Let' start from application side:
logback.xml:
...
<appender name="SYSLOG_APPENDER" class="com.papertrailapp.logback.Syslog4jAppender">
<layout class="ch.qos.logback.classic.PatternLayout">
<pattern>%-5level %logger{35}: %m%n%xEx</pattern>
</layout>
<syslogConfig class="org.productivity.java.syslog4j.impl.net.tcp.TCPNetSyslogConfig">
<!-- remote system to log to -->
<host>localhost</host>
<!-- remote port to log to -->
<port>601</port>
<!-- program name to log as -->
<ident>java-app</ident>
<facility>local7</facility>
<!-- max log message length in bytes -->
<maxMessageLength>128000</maxMessageLength>
</syslogConfig>
</appender>
<logger name="syslog" additivity="false">
<level value="INFO"/>
<appender-ref ref="SYSLOG_APPENDER"/>
</logger>
...
In application I have following code:
private static final Logger loggerSyslog = LoggerFactory.getLogger("syslog");
...
loggerSyslog.info("test message");
2. Docker compose
version: '3.6'
services:
syslog:
image: balabit/syslog-ng:latest
container_name: syslog
entrypoint: /usr/sbin/syslog-ng
command: "-F -edv"
ports:
- 514:514
- 601:601
and execute docker compose up -d
3. Testing:
I run the application and make sure that this line is executed:
loggerSyslog.info("test message");
Based on github readme:
Syslog-ng will listen on these ports and forwards the logs into the file /var/log/syslog.
I tried to find this file inside docker container but there are no file with such name.
What could be wrong ? Could you please provide diagnostic steps to find the root cause and then fix it ?
P.S.
I also checked
/var/log/messages
because of this line.
https://github.com/syslog-ng/syslog-ng/blob/master/docker/syslog-ng.conf#L34C8-L34C26
It contains some content but it is not changing after I execute line
loggerSyslog.info("test message");
So looks like it doesn't write log there
P.P.S
I check content of file etc/syslog-ng/syslog-ng.conf inside of my container
#############################################################################
# Default syslog-ng.conf file which collects all local logs into a
# single file called /var/log/messages tailored to container usage.
#
# The changes from the stock, default syslog-ng.conf file is that we've
# dropped the system() source that is not needed and that we enabled network
# connections using default-network-drivers(). Customize as needed and
# override using the -v option to docker, such as:
#
# docker run ... -v "$PWD/syslog-ng.conf":/etc/syslog-ng/syslog-ng.conf
#
@version: 4.7
@include "scl.conf"
source s_local {
internal();
};
source s_network {
default-network-drivers(
# NOTE: TLS support
#
# the default-network-drivers() source driver opens the TLS
# enabled ports as well, however without an actual key/cert
# pair they will not operate and syslog-ng would display a
# warning at startup.
#
#tls(key-file("/path/to/ssl-private-key") cert-file("/path/to/ssl-cert"))
);
};
destination d_local {
file("/var/log/messages");
file("/var/log/messages-kv.log" template("$ISODATE $HOST $(format-welf --scope all-nv-pairs)\n") frac-digits(3));
};
log {
source(s_local);
source(s_network);
destination(d_local);
};
P.P.P.S
I also tried to use another library to send syslog message from java app side:
TcpSyslogMessageSender messageSender = new TcpSyslogMessageSender();
messageSender.setDefaultMessageHostname("myhostname"); // some syslog cloud services may use this field to transmit a secret key
messageSender.setDefaultAppName("my_app"); // +
messageSender.setDefaultFacility(Facility.LOCAL7); // +
messageSender.setDefaultSeverity(Severity.INFORMATIONAL);
messageSender.setSyslogServerHostname("localhost");
messageSender.setSyslogServerPort(601);
messageSender.setMessageFormat(MessageFormat.RFC_5424);
but result is the same.
dependency for the library is
<dependency>
<groupId>com.cloudbees</groupId>
<artifactId>syslog-java-client</artifactId>
<version>1.1.7</version>
</dependency>
Upvotes: 0
Views: 66
Answers (0)
Related Questions
- How to let syslog workable in docker?
- Why not use java.util.logging?
- log4j2 SyslogAppender not writing to logs
- logging with syslog-ng and systemd
- syslog-ng unable to send logs via tls - handshake error
- [Docker][syslog-ng] Getting the error: "docker: invalid reference format"
- OpenWRT: Use logread to send remote logging data to syslog-ng client
- Logback with Spring Boot - programatically change configuration at runtime to add Syslog Appender