Elasticsearch log to Windows event log


(Kenneth Olsen) #1

Hi

Does anyone have an example of logging YAML that uses the event log on
Windows? I've tried:

http://wiki.apache.org/logging-log4j/NTEventLogAppender
http://logging.apache.org/log4j/1.2/apidocs/org/apache/log4j/nt/NTEventLogAppender.html

But I cannot get it to work.

Regards,

Ken

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/c18e5bf8-c3b3-448a-ba5e-c5c421679cac%40googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


(Binh Ly-2) #2

I just tried on Windows 7 (I'm logged in as admin and I run ES as admin -
if that matters).

  1. First thing I did was download and copy the NTEventLogAppender.amd64.dll
    into my System32

  2. Then I did the Regedit instructions here:
    http://wiki.apache.org/logging-log4j/NTEventLogAppender (Although I don't
    know if this step was necessary)

  3. I added these to the logging.yml file (see in bold)

    # you can override this using by setting a system property, for example -Des.logger.level=DEBUG
    es.logger.level: INFO
    # ", nt" appended to the existing rootLogger line
    rootLogger: ${es.logger.level}, console, file, nt
    ...

      # new entry, nested under the existing appender: section
      nt:
        type: org.apache.log4j.nt.NTEventLogAppender
        source: ES
        layout:
          type: pattern
          conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

After that, I restarted ES and I saw the logs come in under Windows
Logs\Application in the event log.

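A way to confirm the setup described in the post above, as an added example that is not part of the original thread: it checks that the appender DLL is in System32, that the event source is registered, and that events from it are reaching the Application log. The source name `ES` and the DLL file name are taken from the post; an elevated PowerShell session is assumed.

```powershell
# Added example: verify the NTEventLogAppender setup from the post above.
# Assumes source name 'ES' (from logging.yml) and the amd64 DLL in System32.
$source = 'ES'
$dll    = Join-Path $env:SystemRoot 'System32\NTEventLogAppender.amd64.dll'

# 1. The post copies the native DLL to System32; confirm it is there.
if (Test-Path -LiteralPath $dll) {
    Write-Output "OK   DLL present: $dll"
} else {
    Write-Output "FAIL DLL missing: $dll"
}

# 2. Is the event source registered, and against which log?
try {
    if ([System.Diagnostics.EventLog]::SourceExists($source)) {
        $log = [System.Diagnostics.EventLog]::LogNameFromSourceName($source, '.')
        Write-Output "OK   source '$source' is registered in log '$log'"
    } else {
        Write-Output "WARN source '$source' is not registered"
    }
} catch {
    # SourceExists needs rights to read every log's registry key
    Write-Output "WARN cannot enumerate sources: $($_.Exception.Message)"
}

# 3. Show the most recent events written by that source.
try {
    $filter = @{ LogName = 'Application'; ProviderName = $source }
    Get-WinEvent -FilterHashtable $filter -MaxEvents 5 -ErrorAction Stop |
        Select-Object TimeCreated, LevelDisplayName, Message |
        Format-List
} catch {
    Write-Output "WARN no events from '$source' found: $($_.Exception.Message)"
}
```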


(Kenneth Olsen) #3

Great thanks.

Ken


