[syslog-ng] Proper formatting of incoming Log4j, Jetty events
Clayton Dukes
cdukes at gmail.com
Wed Dec 16 15:32:53 CET 2015
Hi,
I'm having trouble with getting "good" fields from Jetty.
I found this:
http://blog.trifork.com/2010/01/14/logging-to-the-syslog-from-a-java-application/
And had my user configure their log4j with the given recommendation, but
the events still come in quite poorly.
Our syslog-ng template uses the following template:
template("@${R_UNIXTIME:--}.${R_USEC}\t${HOST:--}\t${PRI:--}\t${PROGRAM:--}\t${MSGONLY}\n");
Some sample events:
@1450275007.912996 host001 173 2015-12-16 16:10:07,836 DEBUG
[HeartbeatGeneratorTimer] <-- sessionKey=179:
out>{"method":"Heartbeat","jsonrpc":"2.0"}
As you can see - this event is sending the date as the program name.
Another:
@1450275007.924140 host002 13 521 <174>1 2015-12-16T16:10:07+02:00
host002 /openam 1000430466 AUTHENTICATION-303 [logRecord at 36733
LoginID="id=2565a24-0829-11e2-b614-001e371e7e40,ou=user,dc=opensso,dc=java,dc=net"
ContextID="b1de62b91530d5303" IPAddr="10.3.109.13" LogLevel="INFO"
Domain="dc=opensso,dc=java,dc=net" ModuleName="ProfileMapper|Mandate|LDAP"
HostName="10.3.109.13" LoggedBy="cn=dsameuser,ou=DSAME
Users,dc=opensso,dc=java,dc=net" MessageID="AUTHENTICATION-303" NameID=""
TIME="2015-12-16 16:10:07"] Logout|service|mailService
This one is sending the program name as an integer (521).
There are many others; the program names consist of the following (out of
about 100k events):
-
"
.0.9"},"parentID"
...80)
ame"
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)
del"
...e.common.AuthenticationFilter.doFilter(AuthenticationFilter.java
...ee.elion.smarthome.common.AuthenticationFilter.doFilter(AuthenticationFilter.java
...eJspFile(JspServlet.java
EST
in
,"is_recording"
iWeather"},{"id"
leRecordID"
me"
model"
ng"
ngth"
...rg.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java
se,"is_recording"
....servlet.JspServlet.serviceJspFile(JspServlet.java
tin
Does anyone have a good way to fix this?
______________________________________________________________
Clayton Dukes
______________________________________________________________
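
Added example, not part of the original post and not syslog-ng code: a small classifier that shows how frames like the two samples above are laid out on the wire, next to the program value a first-token guess would produce. The raw frames are assumptions reconstructed from the templated output in the post (payloads shortened), and classify() and naive_program() are hypothetical helper names; naive_program() is a simplified stand-in, not syslog-ng's parser.

```python
import re

# Constructed samples modelled on the events in the post (payloads shortened).
OCTET_COUNTED = ('521 <174>1 2015-12-16T16:10:07+02:00 host002 /openam 1000430466 '
                 'AUTHENTICATION-303 [logRecord at 36733 LogLevel="INFO"] Logout|service|mailService')
BARE_LOG4J = '<173>2015-12-16 16:10:07,836 DEBUG [HeartbeatGeneratorTimer] <-- sessionKey=179'
STACK_LINE = '\tat org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:275)'

PRI = r'<(\d{1,3})>'
# RFC 5424 header: PRI VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
RFC5424 = re.compile(PRI + r'1 (\S+) (\S+) (\S+) (\S+) (\S+) ')
# RFC 3164 (BSD) header: PRI "Mmm dd hh:mm:ss" HOST TAG[pid]:
RFC3164 = re.compile(PRI + r'([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) ([^\s:\[]+)(?:\[\d+\])?: ?')
# RFC 6587 octet counting: "<length> " in front of the PRI
FRAMED = re.compile(r'(\d+) (?=<\d{1,3}>)')

def classify(raw):
    """Return (kind, program) describing the layout of one raw frame."""
    m = FRAMED.match(raw)
    if m:
        kind, prog = classify(raw[m.end():])
        return 'octet-counted ' + kind, prog
    m = RFC5424.match(raw)
    if m:
        return 'rfc5424', m.group(4)      # APP-NAME
    m = RFC3164.match(raw)
    if m:
        return 'rfc3164', m.group(4)      # TAG before the colon
    if re.match(PRI, raw):
        return 'pri-only', None           # PRI, but no timestamp/host/tag header
    return 'headerless', None             # e.g. continuation line of a stack trace

def naive_program(raw):
    """Simplified first-token guess: strip a leading PRI, take the next word."""
    body = re.sub('^' + PRI, '', raw).lstrip()
    return body.split(None, 1)[0].rstrip(':') if body else None

if __name__ == '__main__':
    for sample in (OCTET_COUNTED, BARE_LOG4J, STACK_LINE):
        print(classify(sample), 'first-token guess:', repr(naive_program(sample)))
```
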