I am trying to consolidate my JBoss logs into Elasticsearch via Logstash (log4j).
So far:
- I've built and installed the logstash-input-log4j plugin (https://www.elastic.co/guide/en/logstash/current/plugins-inputs-log4j.html) in logstash-5.1.1.
- Configured JBoss:
```
<custom-handler name="Remotelog4j" class="org.apache.log4j.net.SocketAppender" module="org.apache.log4j">
    <level name="INFO"/>
    <properties>
        <property name="RemoteHost" value="localhost"/>
        <property name="Port" value="4560"/>
        <property name="LocationInfo" value="true"/>
    </properties>
</custom-handler>
```
- Configured Logstash:

```
input {
  # file {
  #   path => "/serverpath/log/server.log"
  #   start_position => "beginning"
  # }
  log4j {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    type => "log4j"
  }
}
filter {
  if [path] =~ "access" {
    mutate { replace => { "type" => "apache_access" } }
    grok {
      match => { "message" => "%{COMBINEDAPACHELOG}" }
    }
  }
  date {
    match => [ "timestamp" , "dd/MMM/yyyy:HH:mm:ss Z" ]
  }
}
output {
  elasticsearch {
    hosts => ["elasticsearchserver:9200"]
  }
  stdout { codec => rubydebug }
}
```
(*) The commented-out option (file) works in Logstash. The problem is that I couldn't make it work with the log4j type input. There is no error or clue, but the log entries are not showing up in Elasticsearch.