Log4j2 syslog appender ignoring facility

Vincent_DOS_SANTOS · March 18, 2020, 1:37pm

Hi.

I tried to configure syslog appender on elasticsearch version 6.6.

Here is my /etc/elasticsearch/log4j2.properties file

appender.syslog.type = syslog
appender.syslog.name = syslog
appender.syslog.facility = local7
appender.syslog.FacilityPrinting = true
appender.syslog.SyslogHost = localhost
appender.syslog.layout.type = PatternLayout
appender.syslog.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] [%node_name]%marker %.-10000m%n
appender.syslog.port = 514

rootLogger.level = info
rootLogger.appenderRef.syslog.ref = syslog

Here is my /etc/rsyslog.d/elastic.conf file

local7.*	-/var/log/testrsyslog/testlocal7-elastic.log
local7.* stop
user.*        -/var/log/testrsyslog/testuser-elastic.log
user.* stop

But when I restart the 2 services, all logs go to /var/log/testrsyslog/testuser-elastic.log file.

The facility "local7" in my log4j2.properties is ignoring.

Can you help me ?

Thanks.

system · April 15, 2020, 1:37pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Howto configure log4j2.properties to log to /dev/log Elasticsearch	1	270	August 22, 2021
Log4j2 syslog appender exception Elasticsearch	2	1949	June 20, 2017
How to send Elasticsearch 6.8 logs to syslog? Elasticsearch	1	787	June 18, 2021
Set cluster log facility Elasticsearch	2	608	April 20, 2017
Elasticsearch 7 // Log4j configuration SocketAppender Elasticsearch	1	199	October 11, 2022

Log4j2 syslog appender ignoring facility

Related topics