
I know this type of question has been asked before, but I could not find any suitable answer for it. I am using a syslog appender to send my Java application logs to Syslog, but it does not work. My log4j2.xml file is:

<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
    <Appenders>
        <Console name="LogToConsole" target="SYSTEM_OUT">
            <PatternLayout pattern="%d{HH:mm:ss.SSS} [%t] %-5level %logger{36} - %msg%n"/>
        </Console>
        <Syslog name="syslogAppender" format="RFC5424" host="localhost" newLine="true" port="514" protocol="UDP" appName="MyApp" 
        facility="USER" messageId="Audit" mdcId="mdc" includeMDC="true" id="SmartTerminal-EventScheduler"
        connectTimeoutMillis="1000" reconnectionDelayMillis="5000"/>
    </Appenders>
    <Loggers>
        <Logger name="com.mycorp" level="info" />
        <Root level="error">
            <AppenderRef ref="syslogAppender"/>
            <AppenderRef ref="LogToConsole" />
        </Root>
    </Loggers>
</Configuration>

Here is my /etc/rsyslog.conf file:

#################

module(load="imuxsock") # provides support for local system logging
#module(load="immark")  # provides --MARK-- message capability

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

# provides TCP syslog reception
#module(load="imtcp")
#input(type="imtcp" port="514")

# provides kernel logging support and enable non-kernel klog messages
module(load="imklog" permitnonkernelfacility="on")

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

# Filter duplicated messages
$RepeatedMsgReduction on

#
# Set the default permissions for all log files.
#
$FileOwner syslog
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
$PrivDropToUser syslog
$PrivDropToGroup syslog

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

When I check /var/log/messages I could not see any logs. Similarly, I tried to check /var/log/syslog and /var/log/user.log but could not find any logs there. I don't know what I am doing wrong.

Thanks

user3723326
  • Have you found the solution? I'm trying to solve the same problem. Thanks – Erik Bors Jan 13 '23 at 20:18
  • I did but I don't remember it now. It was a couple of years ago and I no longer work on Linux and Syslogs. As far as I remember I think I was looking at the wrong location or something. – user3723326 Jan 25 '23 at 17:06

1 Answer


In the above configuration file /etc/rsyslog.conf, the rsyslog server is not listening on TCP as it's commented out.

Uncommenting the above configuration and restarting the rsyslog service should fix the problem.

# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
Praveen Kumar
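
Added example (not part of the question or the answer): a small Python check of whether rsyslog has an active listener for the protocol and port the Log4j2 Syslog appender sends to. The inputs are constructed samples trimmed from the configs quoted in the question, the function names are hypothetical, and only RainerScript `input(...)` lines in a single file are considered (files pulled in by `$IncludeConfig` and legacy directives are not followed).

```python
import re
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the log4j2.xml and rsyslog.conf in the question.
LOG4J2_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Configuration status="DEBUG">
  <Appenders>
    <Syslog name="syslogAppender" format="RFC5424" host="localhost" port="514" protocol="UDP"/>
  </Appenders>
</Configuration>"""

RSYSLOG_CONF = """module(load="imudp")
input(type="imudp" port="514")
#module(load="imtcp")
#input(type="imtcp" port="514")
"""

# Matches only the input(type="imudp|imtcp" port="N") form used in the question.
INPUT_RE = re.compile(r'input\(\s*type="im(udp|tcp)"\s+port="(\d+)"')

def appender_targets(xml_text):
    """Return (name, protocol, port) for every <Syslog> appender."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    return [(a.get("name"), (a.get("protocol") or "").upper(), a.get("port"))
            for a in root.iter("Syslog")]

def active_listeners(conf_text):
    """Return {(protocol, port)} for uncommented imudp/imtcp input() lines."""
    found = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0]  # drop comments, including whole-line ones
        m = INPUT_RE.search(line)
        if m:
            found.add((m.group(1).upper(), m.group(2)))
    return found

def check(xml_text, conf_text):
    """Map each appender name to True if rsyslog listens on its protocol/port."""
    listeners = active_listeners(conf_text)
    return {name: (proto, port) in listeners
            for name, proto, port in appender_targets(xml_text)}

if __name__ == "__main__":
    for name, ok in check(LOG4J2_XML, RSYSLOG_CONF).items():
        print(f"{name}: {'listener found' if ok else 'no matching listener'}")
```
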