[syslog-ng] syslog-ng and log4j

Sigurður Bjarnason siggi at betware.com
Mon Mar 10 13:33:16 CET 2008 

Well,

The log4j client is sending to the local client and that client is sending to the central server..  however... I am seeing drop in logs :( 

options { create_dirs(yes);
          dir_perm(0755);
	  dir_owner(root);
	  dir_group(root);
          perm(0600);
          owner(root);
	  group(root);
          chain_hostnames(no);
          keep_hostname(yes);
          stats(900);
          use_time_recvd(yes);
          time_reopen(5); };

source local {
        pipe("/proc/kmsg");
        unix-stream("/dev/log");
        internal();
        udp(port(514));
        tcp(port(514) keep-alive(yes) max-connections(5)); };


## send everything to loghost too in case of 2x syslog servers
destination syslog-server-1 { tcp("192.168.1.150" port(514));};
destination syslog-server-2 { tcp("192.168.1.151" port(514));};
log { source(local); destination(syslog-server-1);destination(syslog-server-2);};


this is my local syslog-ng client config, if I take the udp port part out.. no logs arrive from log4j.  

Regards
Siggi






-----Original Message-----
From: syslog-ng-bounces at lists.balabit.hu [mailto:syslog-ng-bounces at lists.balabit.hu] On Behalf Of Balazs Scheidler
Sent: 10. mars 2008 11:41
To: Syslog-ng users' and developers' mailing list
Subject: Re: [syslog-ng] syslog-ng and log4j


On Mon, 2008-03-03 at 15:30 +0000, Sigurður Bjarnason wrote:
> Hi All
> 
>  
> 
> My first time on this list so be gentle J
> 
>  
> 
> I have questions about syslog-ng and log4j.
> 
>  
> 
> I am using syslog-ng as central server with syslog-ng on clients
> forwarding logs to the central server and I have notice that logs from
> java ( log4j ) are being dropped under heavy load, so I did some
> investigating and found out that log4j only send on UDP rather then
> TCP like all other logs .
> 
>  
> 
> Is it possible to get log4j to send logs over TCP by sending logs from
> java to socket or otherwise, I would  guess that log4j is not capable
> of sending logs to TCP since I have tried to take the udp section out
> of the syslog-ng config and then no logs are received from java L
> 
>  
> 
> Can please someone tell me what my options are here, I really need to
> get logs from java over to the central server without this drop since
> these are the most critical logs on my system .

 
Can you configure log4j to send messages to a local syslog-ng process
and then have that process send out messages via TCP?


-- 
Bazsi

_______________________________________________
syslog-ng maillist  -  syslog-ng at lists.balabit.hu
https://lists.balabit.hu/mailman/listinfo/syslog-ng
Frequently asked questions at http://www.campin.net/syslog-ng/faq.html

More information about the syslog-ng mailing list