JBoss EAP 6.4 and Logstash using log4j


#1

I am trying to consolidate my Jboss logs into ElasticSearch via Logstash (log4j).

So far:

  • I've built and installed logstash-input-log4j plugin (https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html) in logstash-5.1.1.

  • Configured Jboss:
    custom-handler name="Remotelog4j" class="org.apache.log4j.net.SocketAppender" module="org.apache.log4j"
    <level name="INFO"/
    properties
    property name="RemoteHost" value="localhost"
    property name="Port" value="4560"
    property name="LocationInfo" value="true"
    properties
    custom-handler

-Configured Logstash:
input {
\# file {
\# path => "/serverpath/log/server.log"
\# start_position => "beginning"
\# }
log4j {
mode => "server"
host => "0.0.0.0"
port => 4560
type => "log4j"
}
}

filter {
if [path] =~ "access" {
mutate { replace => { "type" => "apache_access" } }
grok {
match => { "message" => "%{COMBINEDAPACHELOG}" }
}
}
date {
match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
}
}

output {
elasticsearch {
hosts => ["elasticsearchserver:9200"]
}
stdout { codec => rubydebug }
}

(*)the commented out option (file) works in the Logstash. The problem is that I couldn't make it working with log4j type input. No error or clue but the log entries are not showing up in ElasticSearch.


(system) #2

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.