问题描述:

my syslog-ng config is:

source s_src { tcp(ip(127.0.0.1) port(1000)); };

destination df_local0 { file ("/var/log/mylog-${YEAR}.${MONTH}.${DAY}.log" template("${YEAR}${MONTH}${DAY}-${HOUR}${MIN}${SEC} ${MESSAGE}\n")); };

filter f_local0 { facility(local0);};

log { source(s_src); filter(f_local0); destination(df_local0);};

my log4j2.xml is

<?xml version="1.0" encoding="UTF-8"?>

<Configuration status="warn" name="MyAppx" packages="">

<Appenders>

<Syslog name="RFC5424" format="RFC5424" host="127.0.0.1" port="1000"

protocol="TCP" appName="app" mdcId="mdc" includeMDC="true"

facility="LOCAL0" enterpriseNumber="" newLine="true" immediateFail="false"

messageId="" id="" ignoreExceptions="true">

<PatternLayout pattern="%d{HHmmss.SSS} [%t] %-5level %logger{36} - %msg%n"/>

<LoggerFields>

<KeyValuePair key="level" value="%level"/>

<KeyValuePair key="location" value="%location"/>

<KeyValuePair key="ex" value="%ex"/>

</LoggerFields>

</Syslog>

</Appenders>

<Loggers>

<Root level="debug">

<AppenderRef ref="RFC5424" />

</Root>

</Loggers>

</Configuration>

my output syslog-ng output is:

20150518-151925 2015-05-18T15:19:25.546+02:00 node001-NT-A2400-NT-A3500 app - [[email protected] ex="" level="DEBUG" location="eu.test.prot.ads.ADSClient.run(ADSClient.java:431)"] Thread top

as you can see, there is per default an timestamp in this format

2015-05-18T15:19:25.546+02:00

also the hostname is printed. How can I influence the output?

Is there also an oportunity to access the log4j LoggerFields in syslog-ng.conf?

I would like to have an output like

20150518-151925 - app - DEBUG - eu.test.prot.ads.ADSClient.run(ADSClient.java:431)" - Thread top

网友答案:

I'd guess that syslog-ng does not recognize the timestamp in the log4j message, and appends the timestamp.

Also, in your syslog-ng configuration you use the tcp() source, which is mainly used for receiving RFC3164 messages, but in log4j you set format="RFC5424". Try to change your syslog-ng config to use the syslog() source: https://www.balabit.com/sites/default/files/documents/syslog-ng-ose-latest-guides/en/syslog-ng-ose-guide-admin/html/configuring-sources-syslog.html

HTH Regards,

Robert Fekete

相关阅读:
Top