Configure log4j2 in Elasticsearch (7x)

RdrgPorto · March 24, 2020, 7:19am

Hi everyone,

I have just installed Elasticsearch 7.5.2 on Ubuntu 16.04 and I would like to configure Elasticsearch in order to retain only two log compressed files in /var/log/elasticsearch.

I have modified log4j2.properties (/etc/elasticsearch) according to the documentation.

######## Server JSON ############################
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
appender.rolling.layout.type = ESJsonLayout
appender.rolling.layout.type_name = server

appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 128MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.action.type = Delete
appender.rolling.strategy.action.basepath = ${sys:es.logs.base_path}
appender.rolling.strategy.action.condition.type = IfFileName
appender.rolling.strategy.action.condition.glob = ${sys:es.logs.cluster_name}-*
appender.rolling_old.strategy.action.condition.nested_condition.type = IfLastModified
appender.rolling_old.strategy.action.condition.nested_condition.age = 2D

It is correct? Is there any way to verify it it is working?

Thank in advance,

Regards

Update

I have modified log4j2.properties in order to roll logs after 100MB (appender.rolling.policies.size.size) and keep only 10 compressed files (appender.rolling.strategy.max).

######## Server JSON ############################
appender.rolling.type = RollingFile
appender.rolling.name = rolling
appender.rolling.fileName = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}_server.json
appender.rolling.layout.type = ESJsonLayout
appender.rolling.layout.type_name = server

appender.rolling.filePattern = ${sys:es.logs.base_path}${sys:file.separator}${sys:es.logs.cluster_name}-%d{yyyy-MM-dd}-%i.json.gz
appender.rolling.policies.type = Policies
appender.rolling.policies.time.type = TimeBasedTriggeringPolicy
appender.rolling.policies.time.interval = 1
appender.rolling.policies.time.modulate = true
appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
appender.rolling.policies.size.size = 100MB
appender.rolling.strategy.type = DefaultRolloverStrategy
appender.rolling.strategy.max = 10

bodo.te · March 25, 2020, 9:39pm

If you use log4j2 , I would recommend my advise given in this thread: MDC logs, ELK and filebeat

RdrgPorto · March 26, 2020, 7:02am

Hi @bodo.te ,

Thanks

Regards

system · April 23, 2020, 7:02am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Elasticseach v5.x - Configuration rolling log files with log4j2 Elasticsearch	1	875	October 30, 2017
Audit logging configuration via elasticsearch.yml Elasticsearch	2	630	October 16, 2020
Log4j2.properties: An example of a multiple conditions configuration for an elasticsearch 7 cluster (7.6.1) Elasticsearch	1	5207	October 23, 2020
Configure logging for plugin Elasticsearch	3	3206	January 5, 2017
Log4j2.properties configuration for elasticsearch Elasticsearch	1	441	September 29, 2022

Configure log4j2 in Elasticsearch (7x)

Related topics