I am having an issue with log4j2's SyslogAppender on Mac (OSX 10.9.2). The default format which log4j2 is sending to syslog is causing the messages to be parsed incorrectly. My configuration:
<Syslog name="Syslog" host="localhost" port="514"
protocol="UDP" format="RFC5424" appName="MyApp" id="log4j2-test"
mdcIncludes="Priority,Logger,Exception,Message" newLine="true">
</Syslog>
When I run:
syslog -F raw
I get the following:
[ASLMessageID 1291756] [Time 1411090836] [TimeNanoSec 0] [Level 6] [PID 4294967295] [UID 4294967294] [GID 4294967294] [ReadGID 80] [Host 1] [Sender 2014-09-19T01] [Facility local0] [Message 40:36.481Z Mario.local MyApp - - - Hello, world!]
The same message without the raw formatting shows up like this:
Sep 19 09:40:36 1 2014-09-19T01[4294967295] <Info>: 40:36.481Z Mario.local MyApp - - - Hello, world!
Based on how the Date String is split between two places, it looks like log4j2 SyslogAppender uses a default format of:
%d <host> <app> - - - %m
And syslog is splitting everything incorrectly. The Sender should not be the first part of the Date String, and the Message should not be the combined rest of the message.
I cannot find a way to change SyslogAppender's format string, as adding a PatternLayout element inside is just ignored. I have also looked into the LoggerFields solution proposed here: log4j2 - Syslog appender and PatternLayout and that only complicates the Message element further without fixing the problem of having the incorrect Sender.
Does anyone know how to adjust log4j2's SyslogAppender so that it sends properly formatted messages to OSX 10.9.2's syslog?
