Hi,
I'm trying to transfer wso2carbon logs to elk using tcp input plugin
my config for wso2 log4jproperties file.
#TCP logger pattern
log4j.appender.tcp=org.apache.log4j.net.SocketAppender
log4j.appender.tcp.layout=org.wso2.carbon.utils.logging.TenantAwarePatternLayout
ConversionPattern will be overridden by the configuration setting in the DB
log4j.appender.tcp.layout.ConversionPattern=TID: [%T] [%S] [%d] %P%5p {%c} - %x %m {%c}%n
log4j.appender.tcp.layout.TenantPattern=%U%@%D [%T] [%S]
log4j.appender.tcp.Port=6000
log4j.appender.tcp.RemoteHost=localhost
log4j.appender.tcp.ReconnectionDelay=10000
log4j.appender.tcp.threshold=DEBUG
log4j.appender.tcp.Application=wso2carbon
Config for logstash.conf
input {
tcp {
mode => server
port => 6000
add_field =>
type => "wso2carbon"
}
}
}
I'm successfully getting messages from wso2carbon. but the message like encrypted format. like below.
{
"message" => "threadNameq\u0000~\u0000\u0001L\u0000\rthrowableInfot\u0000+Lorg/apache/log4j/spi/ThrowableInformation;xp\u0000\u0000\u0000\u0000\u0001c\xD9\xC9\xF3,t\u0000Forg.wso2.carbon.databridge.agent.endpoint.DataEndpointConnectionWorkerpsr\u0000\u0013java.util.Hashtable\u0013\xBB\u000F%!J\xE4\xB8\u0003\u0000\u0002F\u0000",
"host" => "127.0.0.1",
"@version" => "1",
"port" => 59581,
"type" => "wso2carbon",
"@timestamp" => 2018-06-07T10:28:01.179Z,
"tags" => [
[0] "_grokparsefailure"
]
}
please let me know how to decrypt this.