How to send from Tomcat log (catelina.out) to Syslog?

Linux and Unix-Like Linux
1

Dear All:)

We want to send log message from Tomcat Log to Syslog. So we have configured as follows:

Our environment: Tomcat 5.5 with CentOS 5.6 Final version (32Bit)

log4j.properties file location:
/usr/share/tomcat5/common/classes

log4j-1.2.16.jar and commons-logging-1.1.1.jar file location:
/usr/share/tomcat5/common/lib

log4j.properties file contents:

[root@CENTOSTESTER classes]# cat log4j.properties
log4j.rootLogger=WARN, file, SYSLOG
log4j.appender.file=org.apache.log4j.RollingFileAppender
log4j.appender.file.append=true
log4j.appender.file.File=/var/log/tomcat5/tomcat.log
log4j.appender.file.MaxFileSize=5MB
log4j.appender.file.maxBackupIndex=10
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d{DATE} - [%t] - %C{1}.%M(%L) - %p: %m%n
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.SyslogHost=127.0.0.1
log4j.appender.SYSLOG.Facility=LOCAL0
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=%-4r %-5p %c{2} %M.%L %x - %m\n
log4j.appender.SYSLOG.threshold=DEBUG
# Print only messages of level ERROR or above in the package noModule.
log4j.logger.noModule=FATAL
# OpenSymphony Stuff
log4j.logger.net.apache.framework=DEBUG
log4j.logger.net.apache=DEBUG
log4j.logger.org.apache.struts2=ERROR
log4j.logger.org.hibernate.type=ERROR
log4j.logger.org.hibernate.SQL=ERROR
[root@CENTOSTESTER classes]#

In Syslog we have this entry for tomcat logs:
/etc/syslog.conf file

# syslog server's ip address
*.*     @192.168.10.13

Tomcat service and Syslog service restarted.

Created folder in /var/logs/tomcat5:
Tomcat.log file. But there is no data in tomcat.log file.

And Syslog server can't the syslog. Apart of Tomat log, another log message is received.

How to solve?

Thank you in advance.

2

@ in syslog says forward the syslog packets. You want remote logging?

3

2 things to check:

  1. You mentioned the /var/log/tomcat5/ directory. Did you create /var/log/tomcat5/ or /var/log/tomcat5? Note also that it'll need to be writable by whatever user is running Tomcat/log4j.

  2. Is your syslog daemon configured to accept events over IP sockets (bind to a port), and not just locally (ie, /dev/log)? You might test that by generating an event with "logger" and see whether that appears in the system syslog and/or your remote log host. Instructions at http://help.papertrailapp.com/kb/configuration/generate-a-test-remote-syslog-message

It could also be that log4j isn't receiving any messages, but that config looks sane at first pass.

If you want to test with a known-good syslog receiver, make a free account at http://papertrailapp.com/ and add a system. You'll get a hostname that you can log to, and should be able to drop that into the SyslogAppender then see your messages appear. If you don't see messages appearing, they aren't being generated.

1 Like