I am trying to get the Syslog thing working. I am using Log4j 2.7 SyslogAppender (org.apache.logging.log4j.core.appender). I have local syslog relay server listening on port 514 (UDP). All the local syslog messages are forwarded to remote Syslog server. This all was working fine till I was sending the syslog messages using java.net.DatagramPacket class which was directly relaying the messages on port 514 of localhost.
Later I decided to use SyslogAppender and started seeing troubles. Below is my log4j properties file where I have configured my Syslog logger/appender
appenders = rolling, SYSLOG
appender.SYSLOG.type = Syslog
appender.SYSLOG.name = Syslog
appender.SYSLOG.host = 127.0.0.1
appender.SYSLOG.port = 514
appender.SYSLOG.protocol = UDP
logger.syslog.name = root.syslog
logger.syslog.level = info
logger.syslog.additivity = false
logger.syslog.appenderRef = SYSLOG
I am using this logger in my Java class as follows-
private static final Logger myLogger = LoggerFactory.getLogger("root.syslog");
.
.
myLogger.info("My test message");
I have all set in /etc/rsyslog.conf as follows (As I alreayd mentioned, everything was working fine so far)-
$ModLoad imudp
$MaxMessageSize 64k
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
I did tcpdump as tcpdump -i lo port 514 -w local-syslog-appender.pcap. But I don't see any messages being sent to this channel. I have captured the traffic on this port before when I was using DatagramPacket java.net.DatagramPacket. But after moving to SyslogAppender, nothing shows up. F1.
I am not sure how to troubleshoot this appender and how to get this working.
