JBoss access logs with log rotation

Question

I'm trying to tell my jboss to write an access log with all information I need and use a daily log rotation. So far this is not an issue. The ultimate goal is to send all access log entries to an elk stack using logstash forwarder. Also not that big a deal. The problem I'm having now is to define the access logs names.

JBoss offers log rotation out of the box but adds a timestamp to each logfile so todays file also has a timestamp suffix.

What I want to achive is the same behavior as tomcat or as jbosses server.log. Meaning todays file should just be named access.log and only have a suffix appended when todays file becomes yesterdays file and hence is rotated into inactve state.

my jboss config looks like this:

<subsystem xmlns="urn:jboss:domain:logging:1.3">
    <periodic-rotating-file-handler name="FILE" autoflush="true">
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="server.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <periodic-rotating-file-handler name="ACCESS" autoflush="true">
        <formatter>
            <pattern-formatter pattern="%d{HH:mm:ss,SSS} %-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <file relative-to="jboss.server.log.dir" path="access.log"/>
        <suffix value=".yyyy-MM-dd"/>
        <append value="true"/>
    </periodic-rotating-file-handler>
    <logger category="com.arjuna">
        <level name="WARN"/>
    </logger>
    <logger category="org.apache.tomcat.util.modeler">
        <level name="WARN"/>
    </logger>
    <logger category="org.jboss.as.config">
        <level name="DEBUG"/>
    </logger>
    <logger category="sun.rmi">
        <level name="WARN"/>
    </logger>
    <logger category="jacorb">
        <level name="WARN"/>
    </logger>
    <logger category="jacorb.config">
        <level name="ERROR"/>
    </logger>
    <root-logger>
        <level name="INFO"/>
        <handlers>
            <handler name="FILE"/>
            <handler name="ACCESS"/>
        </handlers>
    </root-logger>
</subsystem>

And here is my access-log config with log rotation enabled (has above mentioned timestamp behavior). When I set rotate="false" I get an access.log which it's not ratated.

<subsystem xmlns="urn:jboss:domain:web:1.5" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <alias name="example.com"/>
        <access-log pattern="&quot;%{HOST}i&quot; - %h %t &quot;%m&quot; &quot;%U&quot; - &quot;%q&quot; - &quot;%H&quot; - %s %B &quot;%{User-Agent}i&quot; %T %D &quot;%p&quot;" prefix="access.log" rotate="true">
            <directory path="."/>
        </access-log>
    </virtual-server>
</subsystem>

Right now I see two ways to send the logfiles to my elk stack. First is writing into an access.log with no timestamp and add timestamp on rotation so the logstash forwarder can always read access.log. Second is set up the forwarders config to always check the newest access.log file. This way the timestamped filename wouldn't be an issue. But I don't know if thats possible.

I'd be grateful for any advice. Thanks and regards. Sebastian

Answer 1

Note

• The solution below is tested on EAP 7.0/Wildfly 10.
• All configuration shown below is done in standalone.xml

The log rotation that comes directly with the access-log of JBoss EAP / Wildfly is very basic and has some limitations. In the question above the log rotation is activated as follows

<access-log .... rotate="true" />

In our case we solved the poor log rotation by not using it and sending the access log to general server log (note use-server-log="true").

<subsystem xmlns="urn:jboss:domain:undertow:4.0">
  ...
  <server name="default-server">
    <http-listener  name="default" socket-binding="http"  record-request-start-time="true" redirect-socket="https" />
    <https-listener name="https"   socket-binding="https" record-request-start-time="true" security-realm="ApplicationRealm" />
    <host name="default-host" alias="localhost">
      <!-- how to access log see https://access.redhat.com/solutions/2423311 -->
      <!-- access log pattern see http://undertow.io/javadoc/1.3.x/io/undertow/server/handlers/accesslog/AccessLogHandler.html -->
      <!-- Hint: access log is sent to server log (use-server-log="true") in order to add proper log file rolling/purging and set a readable timestamp -->
      <access-log pattern="%h %l %u &quot;%r&quot; %s %b &quot;%{i,Referer}&quot; &quot;%{i,User-Agent}&quot; &quot;%{i,COOKIE}&quot; &quot;%{o,SET-COOKIE}&quot; %S &quot;%I&quot; %T" use-server-log="true"/>
      ...
    </host>
  </server>

Important do not forget the record-request-start-time="true" on the http-listener otherwise you will not get any timing logs.

In the <subsystem xmlns="urn:jboss:domain:logging section we configured access logging as follows:

<profile>
    <subsystem xmlns="urn:jboss:domain:logging:3.0">
        ...
        <!-- log rotate access.log by size to avoid disk-full -->
        <size-rotating-file-handler name="ACCESS" autoflush="true">
            <formatter>
                <pattern-formatter pattern="[%d] - %s%n"/>
            </formatter>
            <file relative-to="jboss.server.log.dir" path="access.log"/>
            <rotate-size value="10485760"/>
            <max-backup-index value="5"/>
            <append value="true"/>
        </size-rotating-file-handler>
        ...
        <logger category="io.undertow.accesslog" use-parent-handlers="false">
            <handlers>
                <handler name="ACCESS"/>
            </handlers>
        </logger>
        <root-logger>
            <level name="INFO"/>
            <handlers>
                <handler name="CONSOLE"/>
                <handler name="FILE"/>
            </handlers>
        </root-logger>
        ...
    </subsystem>

This will create at maximum 5 access log files with each 10MB. There are also other log handlers that are available e.g. daily rolling.

Information about how to configure JBoss Logging / LogHandlers:

• https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/configuration_guide/logging_with_jboss_eap
• https://access.redhat.com/documentation/en-us/red_hat_jboss_enterprise_application_platform/7.0/html/configuration_guide/logging_with_jboss_eap#configuring_log_handlers

Further information here for those having a RedHat Account:

• https://access.redhat.com/solutions/2423311
• https://access.redhat.com/solutions/2773641