Connect remote server for logging using Log4J - java

I want To Connect to the remote server to write my log files using Log4J Socket Appender
My log.properties file is as below
log4j.rootLogger=DEBUG, BLAH
# to connect to the remote server
log4j.appender.BLAH=org.apache.log4j.net.SocketAppender
# set set that layout to be SimpleLayout
log4j.appender.BLAH.layout=org.apache.log4j.SimpleLayout
#log4j.appender.BLAH.File= admin.log
log4j.appender.BLAH.Port= xx
log4j.appender.BLAH.RemoteHost= <remoteIp>
I tried connecting localhost too with port number 22 and 8080
I am making a mistake some where in the connection .
I get the following error
log4j:ERROR Could not connect to remote log4j server at [localhost]. We will try again later.
or
Give me any suggestions to write the log files in a remote server machine.

You should have a server running which listens to a given port. The log4j should connect to this server for logging.
Type the following in command prompt to start the listener
Java org.apache.log4j.net.SimpleSocketServer 4712 PATH_TO_THE_FILE\log4jServer.properties
Eg
java org.apache.log4j.net.SimpleSocketServer 4712 C:\log4j-server.properties
log4j-server.properties may contain something like this.
> log4j-server.properties will contain normal configuration of log4j.
> log4j.rootLogger=debug, stdout
> log4j.appender.stdout=org.apache.log4j.ConsoleAppender
> log4j.appender.stdout.Target=System.out
> log4j.appender.stdout.layout=org.apache.log4j.PatternLayout
> log4j.appender.stdout.layout.ConversionPattern=%t %-5p %c{2} - %m%n
In the client side, your log4j config will look like this
log4j.rootLogger=DEBUG, BLAH
# to connect to the remote server
log4j.appender.BLAH=org.apache.log4j.net.SocketAppender
# set set that layout to be SimpleLayout
log4j.appender.BLAH.layout=org.apache.log4j.SimpleLayout
#log4j.appender.BLAH.File= admin.log
log4j.appender.BLAH.Port= 4712
log4j.appender.BLAH.RemoteHost=10.225.226.58
Replace the IP and Port(without conflicting the standard ports) as per your configuration.
Hope this would help.

Port 22 and 8080 are usually used by SSH and HTTP respectively. The SocketAppender is expecting to talk to a SocketNode using its own TCP-based protocol. So you need to start one up, on a different port of your choice.
Note that when you try to log to a remote server, you'll need to have that port open on the firewall.

Related

Logback will only log a message to syslog once

I've tried several examples of using logback to write to syslog, but the only that I've found that works is this JavaCodeGeeks example. It writes a message to syslog, but it only writes a message once no matter how many times I run the code. If I change the message it will write it to syslog, but only once.
I'm on Ubuntu 19.10. I've uncommented the following four lines from my /etc/rsyslog.conf and restarted :
# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")
# provides TCP syslog reception
module(load="imtcp")
input(type="imtcp" port="514")
The only change I made to the javacodegeeks code is to comment out the remote appender in logback.xml. It only logs to the localhost syslog.
What causes this weird behavior?
To log all messages you have to set
$RepeatedMsgReduction off
in /etc/rsyslog.conf and restart rsyslog.
https://www.rsyslog.com/doc/v8-stable/configuration/action/rsconf1_repeatedmsgreduction.html
The default was on in Ubuntu 19.10.

ZooKeeper Starting on Incorrect Port

I am trying to start a zookeeper server from a a Java code withing a webapp. But somehow I see that it is trying to start on the Tomcat port rather than the port provided in the properties file.
I keep seeing this:
WARN | o.e.j.s.ServletContextHandler#269d82e2{/,null,UNAVAILABLE} contextPath ends with /*
WARN | Empty contextPath
StartZooKeeperServer EXCEPTION: org.apache.zookeeper.server.admin.AdminServer$AdminServerException: Problem starting AdminServer on address 0.0.0.0, port 8080 and command URL /commands
org.apache.zookeeper.server.admin.AdminServer$AdminServerException: Problem starting AdminServer on address 0.0.0.0, port 8080 and command URL /commands
at org.apache.zookeeper.server.admin.JettyAdminServer.start(JettyAdminServer.java:107)
at org.apache.zookeeper.server.ZooKeeperServerMain.runFromConfig(ZooKeeperServerMain.java:138)
But I have the clientPort set in the properties as 2182.
If you need any more information please do let me know.
The problem is not with the Zookeeper server but with the Admin Server.
Admin Server binds by default to port 8080. However, this port is allocated in your system so this exception is thrown.
You can add the following property to your zookeeper configuration:
admin.serverPort=9876 (any port other than 8080)
You can even disable this server if you do not need it using:
admin.enableServer=false
More information on the Zookeeper admin server:
https://zookeeper.apache.org/doc/r3.6.1/zookeeperAdmin.html#sc_adminserver

Log4j SyslogAppender not sending any logs to local Syslog

I am trying to get the Syslog thing working. I am using Log4j 2.7 SyslogAppender (org.apache.logging.log4j.core.appender). I have local syslog relay server listening on port 514 (UDP). All the local syslog messages are forwarded to remote Syslog server. This all was working fine till I was sending the syslog messages using java.net.DatagramPacket class which was directly relaying the messages on port 514 of localhost.
Later I decided to use SyslogAppender and started seeing troubles. Below is my log4j properties file where I have configured my Syslog logger/appender
appenders = rolling, SYSLOG
appender.SYSLOG.type = Syslog
appender.SYSLOG.name = Syslog
appender.SYSLOG.host = 127.0.0.1
appender.SYSLOG.port = 514
appender.SYSLOG.protocol = UDP
logger.syslog.name = root.syslog
logger.syslog.level = info
logger.syslog.additivity = false
logger.syslog.appenderRef = SYSLOG
I am using this logger in my Java class as follows-
private static final Logger myLogger = LoggerFactory.getLogger("root.syslog");
.
.
myLogger.info("My test message");
I have all set in /etc/rsyslog.conf as follows (As I alreayd mentioned, everything was working fine so far)-
$ModLoad imudp
$MaxMessageSize 64k
$UDPServerAddress 127.0.0.1
$UDPServerRun 514
I did tcpdump as tcpdump -i lo port 514 -w local-syslog-appender.pcap. But I don't see any messages being sent to this channel. I have captured the traffic on this port before when I was using DatagramPacket java.net.DatagramPacket. But after moving to SyslogAppender, nothing shows up. F1.
I am not sure how to troubleshoot this appender and how to get this working.

How can I use log4j to log why RMI is failing

I am currently using log4j to log on both server and client side processes.
But I am having an rmi failure.
I would like to know if the problem is on the client side or the server side.
How can I use log4j to show me the rmi activity on both the client and server?
Note that I don't see any rmi logging.
My log4j file contains this:
log4j.rootLogger=DEBUG, file, Socket_Logger, CONSOLE
log4j.appender.file=org.apache.log4j.DailyRollingFileAppender
log4j.appender.file.File=C:/log/RDS.log
log4j.appender.file.Append=true
log4j.appender.DatePattern='.'yyyy-MM-dd
log4j.appender.file.layout=org.apache.log4j.PatternLayout
log4j.appender.file.layout.ConversionPattern=%d %-5p (%t)[%c] %m%n
log4j.appender.file.Threshold=DEBUG
The server log4j log shows things like:
at sun.rmi.transport.proxy.RMIDirectSocketFactory.createSocket(RMIDirectSocketFactory.java:40)
at sun.rmi.transport.proxy.RMIMasterSocketFactory.createSocket(RMIMasterSocketFactory.java:148)
at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613)
But the Client side log doesn't show anything
Log4J has nothing to do with it. RMI uses Java logging. What you need to do is enable the client-side logging you need, via the RMI system logLevel properties.

Logstash syslog input from docker container

I have a java application running in a docker container on a docker host. The application uses log4j for logging and logs to syslog. I want to be able to send my syslog logs to logstash.
I changed the configurations in rsyslog config file to :
*.* ##<logstash host ip>:514
and I have in my logstash config file for syslog:
input {
syslog {
type => syslog
port => 514
}
}
and in logstash logs I got errors saying syslog tcp listener died and
exception=>#<Errno::EACCES: Permission denied - bind(2)
I thought I should probably specify where the host is in logstash configs and added the ip address of my dockerhost + port to the config file but I still get the same errors.
How can I tell logstash to look at the docker container on dockerhost for logs? am I missing a component here?
Thanks.
You need to run the process as root. normal users (ie non root) cant bind to ports less than 1024 without some setuid trickery

Categories

Resources