Writing log data to syslog using log4j

Asked 5/11, 2012 at 15:2 Answered 19/11, 2020 at 21:28

I'm unable to write log messages into syslog. Any help would be great. Here is my simple log4j program

import org.apache.log4j.Logger;
import java.io.*;
import java.sql.SQLException;
import java.util.*;

public class log4jExample
{
  /* Get actual class name to be printed on */
  static Logger log = Logger.getLogger(log4jExample.class.getName());

  public static void main(String[] args) throws IOException,SQLException
  {

     log.error("Hello this is an error message");
     log.info("Hello this is an info message");
     log.fatal("Fatal error message");
  }
}

My syslog properties file

# configure the root logger
log4j.rootLogger=INFO, SYSLOG


# configure Syslog facility LOCAL1 appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.threshold=WARN
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.facility=LOCAL4
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=[%p] %c:%L - %m%n

Masto answered 5/11, 2012 at 15:2 Comment(0)

Add the following lines to rsyslog.conf file

$ModLoad imudp
$UDPServerRun 514

It worked for me.

Need to restart the rsyslog after modfications.

Masto answered 5/11, 2012 at 21:6 Comment(4)

You might need to restart rsyslogd as well after making these changes. – Hirz 6/11, 2012 at 15:4

Yes forgot to mention it . Thanks – Masto 6/11, 2012 at 15:56

@SandeepRao Perfect! I spent about hour trying undertand why I don't see anything in MySQL database from LOG4J :-) Thanks you. – Carmel 4/4, 2014 at 14:47

This worked, although I could not find where logs were being saved in rsyslog server so this line made the magic happen in /etc/rsyslog.conf file ; *.info;mail.none;authpriv.none;cron.none /var/log/messages – Gheber 13/8, 2019 at 16:48

The answer from @Sandeep above is the correct one, but it's from 2012 so I wanted to expand a little bit for folks who are using more recent setups. For instance, on Ubuntu 18.04 the /etc/rsyslog.conf file now has data near the top of the file that looks like this:

#################
#### MODULES ####
#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
#module(load="imudp")
#input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

Uncommenting the two UDP lines and then running sudo service rsyslog restart worked for me. The Java Log4J Syslog appender (https://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/net/SyslogAppender.html) expects syslog to be listening on UDP port 514 on localhost.

As a potential further security improvement, you may also consider binding to the loopback address so port 514 isn't visible external to the host if you don't need it to be:

input(type="imudp" port="514" address="127.0.0.1")

It's also possible to make this update without having to touch the existing /etc/rsyslog.conf file; instead you can add a new conf file under the /etc/rsyslog.d/ directory, e.g. /etc/rsyslog.d/10-open-upd-port.conf, that only contains these lines:

module(load="imudp")
input(type="imudp" port="514" address="127.0.0.1")

And then restart the rsyslog daemon as described above.

To see whether or not the rsyslog daemon is actively listening on the UDP port 514, I found this command useful as well: sudo lsof -iUDP:514 -nP -c rsyslogd -a (show listeners on port UDP 514 whose command is "rsyslogd").

Bohrer answered 19/11, 2020 at 21:28 Comment(1)

Good update for the more recent rsyslog.conf setup. Is it possible to have a spring application send logs to syslog via TCP instead of UDP? – Surname 17/6, 2022 at 18:2

Recommended topics

Hot tags