Monday, November 21, 2011

Splunk Log Management

Here is an example of application logging with Splunk.
(Splunk is enterprise software for monitoring, reporting on and analyzing the machine data produced by the applications, systems and infrastructure that run a business; see http://en.wikipedia.org/wiki/Splunk.)

I am running Solaris 10 on x86:
bash-3.00# uname -a
SunOS atlas.haritamineral.com 5.10 Generic_141445-09 i86pc i386 i86pc
bash-3.00#

The Jetty application logs through log4j, and a SyslogAppender hands the log4j output to the local syslog daemon, which forwards it to Splunk.
The relevant part of log4j.properties looks like this (note: Target is a ConsoleAppender property, not a SyslogAppender one; log4j warns about the unknown property and ignores it, so that line is harmless but unnecessary. Also, the log4j 1.2 SyslogAppender sends over UDP only, here to port 514 on localhost, so the local syslogd must accept UDP messages on the loopback interface):
log4j.rootCategory=INFO, CONSOLE, LOGFILE, SYSLOG

log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.Threshold=INFO
log4j.appender.SYSLOG.Target=com.haritamineral
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=%d{dd/MMM/yy HH:mm:ss} %5p %t %c{1}:%L - %m%n
log4j.appender.SYSLOG.SyslogHost=localhost
log4j.appender.SYSLOG.Facility=Local2
log4j.appender.SYSLOG.FacilityPrinting=true

In /etc/syslog.conf I added just one line:
#jetty
local2.info @master.haritamineral.com

master.haritamineral.com is the Splunk server, which listens for syslog on UDP and TCP port 514. Keep in mind that Solaris syslogd forwards to a remote host over plain UDP, so the messages travel unauthenticated and unencrypted and can be dropped or spoofed on the way; keep the Splunk listener on a trusted management network and restrict the source hosts it accepts syslog from.

Restarting, disabling or enabling syslogd is done with the svcadm command; after editing syslog.conf, restart the service:
#svcadm restart system-log

On the first try, I got this error:

Nov 21 14:34:25 atlas.haritamineral.com syslogd: line 20: unknown priority name

After googling, I found that my mistake was using spaces instead of the TAB key.
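Added example (mine, not part of the original post): a small sh script that catches the TAB-versus-space mistake described above before syslogd is restarted, followed by the commands to apply and verify the forwarding on the Solaris host. It assumes the syslog.conf path is passed as an argument, a POSIX awk, and logger(1) being available; the sample lines below are constructed from the post's own entry. The verification function needs a real Solaris box and is not run offline.

```shell
#!/bin/sh
# Added example, not from the original post.
# Solaris syslogd requires TAB between the selector (facility.level) and the
# action; with spaces it logs "syslogd: line N: unknown priority name" and
# ignores the line. Check the file before restarting the service.
# Assumes: POSIX awk (Solaris: /usr/xpg4/bin/awk or nawk), file path in $1.

check_syslog_conf() {
    awk '
        BEGIN { bad = 0 }
        { sub(/^[ \t]+/, "") }                 # ignore leading whitespace
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        {
            # RLENGTH covers selector + separator + first char of the action
            if (match($0, /^[^ \t]+[ \t]+[^ \t]/)) {
                sep = substr($0, length($1) + 1, RLENGTH - length($1) - 1)
                if (sep ~ / /) {
                    printf("%s: line %d: selector and action must be separated by TAB only (found spaces): %s\n",
                           FILENAME, NR, $0)
                    bad = 1
                }
            } else {
                printf("%s: line %d: no action field: %s\n", FILENAME, NR, $0)
                bad = 1
            }
        }
        END { exit bad }
    ' "$1"
}

# Apply and verify on the Solaris host (svcadm from the post plus logger(1)).
# Not exercised offline; run it only after check_syslog_conf passes.
verify_forwarding() {
    svcadm restart system-log || return 1
    svcs system-log                         # STATE should read "online"
    # emit a test message with the same facility.level as the log4j appender
    logger -p local2.info -t jetty "syslog-to-splunk test $(date)"
    # syslogd reports its own parse errors here (e.g. "unknown priority name")
    tail -20 /var/adm/messages
}

# Usage (constructed sample: the post's line, first with a space, then with TAB):
# printf 'local2.info @master.haritamineral.com\n' > /tmp/bad.conf
# check_syslog_conf /tmp/bad.conf      # reports the line, exit status 1
# printf 'local2.info\t@master.haritamineral.com\n' > /tmp/good.conf
# check_syslog_conf /tmp/good.conf     # silent, exit status 0
# check_syslog_conf /etc/syslog.conf && verify_forwarding
```

The check is deliberately strict: it flags any space in the separator, not only the all-spaces case from the post, because the selector field must end exactly where the TAB begins for syslogd to parse the priority name. The test message sent by logger uses local2.info, the same selector the log4j appender and the syslog.conf entry use, so if it shows up in Splunk the whole path (syslogd, network, Splunk input) is working independently of Jetty.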

After the restart, the log4j output from my Jetty applications shows up in Splunk Log Management.
