- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Is there any method to index log4j syslog from remote log4j server?
I want to index log4j syslog from remote log4j server, but I noticed the data is not plain text, splunk can not index them dicretly via network.
I read the best way to index log4j file is to set up a standard log4j-syslog appender on my log4j host.
However, log4j-syslog appender seems to be no longer available.
http://www.splunk.com/wiki/Community:Log4j
Does anybody know if there is any other method to index log4j from remote log4j server?
If log4j-syslog appender is still available, please also let me know how I can get it.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
the syslog appender is still available. You can configure it like so;
# Syslog appender
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=%-5.5p | %other_pattern | %m%n
# Set the following to yoursyslogserver:514 for remote.
log4j.appender.syslog.SyslogHost=localhost:514
log4j.appender.syslog.Facility=Local0
log4j.appender.syslog.Threshold=WARN
log4j.appender.syslog.FacilityPrinting=false
The syslog appender is definitely still available in log4j 1.2 API: API doc
On a side note, we use a local splunkforwarder with udp:localhost:514 listener forwarding to our index server - its more reliable like this, as UDP is a "fire and forget" protocol.
