Log4j output to system logs and emails

Source: Internet
Author: User
Tags syslog

Purpose:
1. Write fatal-level errors to the Windows 2000/NT event log
2. Send email notification to administrators for warn, error, and fatal errors
3. Output all other messages directly to the console.

Tutorial steps:
Output to the Windows 2000/NT event log
1. Set up Log4j
Copy NTEventLogAppender.dll from the compressed package to the WINNT/system32 directory (PS: I will store it in the bin of Alibaba ATC)

2. Write the configuration file log4j.properties.

# Output to the Windows 2000 system log
log4j.logger.ntlog=FATAL, A8
# Appender A8
log4j.appender.A8=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.A8.Source=Javatest
log4j.appender.A8.layout=org.apache.log4j.PatternLayout
log4j.appender.A8.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n

3. Call code:
Logger logger2 = Logger.getLogger("ntlog"); // The name must be the same as the one set in the configuration file.
logger2.debug("debug!!!");
logger2.info("info!!!");
logger2.warn("warn!!!");
logger2.error("error!!!");
// Only this call writes to the Windows 2000 event log
logger2.fatal("fatal!!!");

Send email notification to the administrator:
1. First download JavaMail and JAF:
http://java.sun.com/j2ee/ja/javamail/index.html
http://java.sun.com/beans/glasgow/jaf.html
Add mail.jar and activation.jar to the project.
2. Write the configuration file
# Send logs by email
log4j.logger.maillog=WARN, A5
# Appender A5
# SMTPAppender keeps the last BufferSize events and, with its default
# evaluator, sends the mail when an event of level ERROR or higher is logged.
log4j.appender.A5=org.apache.log4j.net.SMTPAppender
log4j.appender.A5.BufferSize=5
log4j.appender.A5.To=chunjie@263.net
log4j.appender.A5.From=error@error.com
log4j.appender.A5.Subject=errorlog
log4j.appender.A5.SMTPHost=smtp.263.net
log4j.appender.A5.layout=org.apache.log4j.PatternLayout
log4j.appender.A5.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
3. Call code:
// Send logs by mail
Logger logger3 = Logger.getLogger("maillog");
logger3.warn("warn!!!");
logger3.error("error!!!");
logger3.fatal("fatal!!!");

Output messages of all levels to the console:
1. Write the configuration file
# Output to the console
log4j.logger.console=DEBUG, A1
# Appender A1
log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
2. Call code:
Logger logger1 = Logger.getLogger("console");
logger1.debug("debug!!!");
logger1.info("info!!!");
logger1.warn("warn!!!");
logger1.error("error!!!");
logger1.fatal("fatal!!!");

--------------------------------------------------------------------
Complete configuration file: log4j.properties
# Output to the console
log4j.logger.console=DEBUG, A1
# Appender A1
log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n

# Output to the Windows 2000 system log
log4j.logger.ntlog=FATAL, A8
# Appender A8
log4j.appender.A8=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.A8.Source=Javatest
log4j.appender.A8.layout=org.apache.log4j.PatternLayout
log4j.appender.A8.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n

# Send logs by email
log4j.logger.maillog=WARN, A5
# Appender A5
log4j.appender.A5=org.apache.log4j.net.SMTPAppender
log4j.appender.A5.BufferSize=5
log4j.appender.A5.To=chunjie@263.net
log4j.appender.A5.From=error@error.com
log4j.appender.A5.Subject=errorlog
log4j.appender.A5.SMTPHost=smtp.263.net
log4j.appender.A5.layout=org.apache.log4j.PatternLayout
log4j.appender.A5.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n

Complete code: Log4jTest.java
/*
 * Creation date: 2003-11-13
 */
package edu.bcu.bean;

import org.apache.log4j.*;
// import org.apache.log4j.nt.*;
// import org.apache.log4j.net.*;

/**
 * @author yanxu
 */
public class Log4jTest {
    public static void main(String args[]) {
        PropertyConfigurator.configure("log4j.properties");

        // Output to the console
        Logger logger1 = Logger.getLogger("console");
        logger1.debug("debug!!!");
        logger1.info("info!!!");
        logger1.warn("warn!!!");
        logger1.error("error!!!");
        logger1.fatal("fatal!!!");

        // Output to the NT system log
        Logger logger2 = Logger.getLogger("ntlog");
        // NTEventLogAppender nla = new NTEventLogAppender();
        logger2.debug("debug!!!");
        logger2.info("info!!!");
        logger2.warn("warn!!!");
        logger2.error("error!!!");
        // Only this call writes to the Windows 2000 event log
        logger2.fatal("fatal!!!");

        // Send logs by mail
        Logger logger3 = Logger.getLogger("maillog");
        // SMTPAppender sa = new SMTPAppender();
        logger3.warn("warn!!!");
        logger3.error("error!!!");
        logger3.fatal("fatal!!!");
    }
}

 

 

 

Configuring syslog-ng as a centralized log server for log4j, Windows, and syslog logs

 

Recently I have been using a log server for centralized management of Windows, Java, and Linux logs, and I searched online for a long time. The material on log4j logs and syslog-ng is scattered, and almost none of it covers sending log4j logs directly to a remote syslog-ng server for management. Here I only write down one method that worked for me, so that you can easily find what you need. I also hope that Jin Yu and XD have more good suggestions.
I will not talk about how to install the programs here. There are some posts in the forum, and what is not there can be found with Google.

----------
1. Install syslog-ng

# vi /usr/local/syslog-ng/etc/syslog-ng.conf
options {
    use_fqdn(yes);
    chain_hostnames(off);
    keep_hostname(off);
    sync(0);
    # The default action of syslog-ng 1.6.0 is to log a STATS line
    # to the file every 10 minutes. That's pretty ugly after a while.
    # Change it to every 12 hours so you get a nice daily update of
    # how many messages syslog-ng missed (0).
    stats(43200);
    create_dirs(yes);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
source s_sys { file("/proc/kmsg" log_prefix("kernel:")); unix-stream("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_rsync { file("/var/log/rsync"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
                   not (facility(mail)
                   or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
                   (facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_filter9 { facility(daemon); };
filter f_filter10 { facility(local6); };
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
# Remote logging
source s_remote {
    udp(ip(0.0.0.0) port(514));
};

destination r_mesg {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_auth {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mail {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/maillog" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spol {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_boot {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/boot.log" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_daemon {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/daemon" owner("root")
         group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_local6 {
    file("/var/log/syslog-ng/$YEAR$MONTH$DAY/network/messages"
         owner("root") group("root") perm(0640) dir_perm(0750)
         create_dirs(yes)); };
#destination d_separatedbyhosts {
#    file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
#};
#log { source(s_remote); destination(d_separatedbyhosts); };
log { source(s_remote); filter(f_filter2); destination(r_mesg); };
log { source(s_remote); filter(f_filter3); destination(r_auth); };
log { source(s_remote); filter(f_filter4); destination(r_mail); };
log { source(s_remote); filter(f_filter6); destination(r_spol); };
log { source(s_remote); filter(f_filter7); destination(r_boot); };
log { source(s_remote); filter(f_filter8); destination(r_cron); };
log { source(s_remote); filter(f_filter9); destination(r_daemon); };
log { source(s_remote); filter(f_filter10); destination(r_local6); };

# syslog-ng conf file for use with phpsyslog-ng
#source src {
#    unix-stream("/dev/log" max-connections(256));
#    internal();
#    file("/proc/kmsg");
#    tcp();
#    udp();
#};
#
#log {
#    source(src);
#    destination(d_mysql);
#};
#
#destination d_mysql {
#    program("/usr/bin/mysql --user=root --password=syslog < /var/log/mysql.pipe");
#    pipe("/var/log/mysql.pipe" template("INSERT INTO logs (host,
#    facility, priority, level, tag, datetime, program, msg) VALUES (
#    '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY
#    $HOUR:$MIN:$SEC', '$PROGRAM', '$MSG' );\n") template-escape(yes));
#};

Start syslog-ng at boot (append to rc.local so its existing contents are kept)
# echo "/usr/local/syslog-ng/sbin/syslog-ng" >> /etc/rc.local

2. Java logs

For details about how to install Tomcat and Java, see my other article. Here we focus on configuring log4j to send logs to the remote syslog-ng server.

In a Tomcat application project: vi /.../WEB-INF/classes/log4j.properties
############### Write to a file ##################
# Syntax: level, appender, appender, ... (only the first token is a level)
log4j.rootLogger=INFO, syslog, A1
log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.A1.File=/var/log/messages
#log4j.appender.A1.DatePattern=yyyy-MM-dd'.log'
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} [%c]-[%p] %m%n
######################## Write to syslog ######################
# Appender to syslog
#log4j.rootCategory=INFO, debug, console, file, syslog
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
# (192.168.76.100 is the IP address of the log server)
#log4j.appender.syslog.SyslogHost=192.168.76.100
log4j.appender.syslog.SyslogHost=127.0.0.1
log4j.appender.syslog.Port=514
log4j.appender.syslog.Facility=local5
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=%p: %c{2} - %m%n

Modify the local syslog configuration

vi /etc/syslog.conf
# 192.168.76.100 is the IP address of the log server
local5.* @192.168.76.100
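
An added check, not part of the original article: a small Python model of the s_remote log statements from the syslog-ng configuration above, showing where log4j events sent with facility local5 end up on the log server. It assumes that level(info) in syslog-ng matches exactly the info severity and that the local syslogd relay preserves the PRI value; the datagrams are constructed samples, and the RANGE variant with level(info..emerg) is a hypothetical alternative for comparison.

```python
import re

# Syslog facility and severity codes (RFC 3164 numbering).
FACILITY = {"kern": 0, "mail": 2, "daemon": 3, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "local5": 21, "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
# log4j 1.x Level -> syslog severity (Level.getSyslogEquivalent()).
LOG4J_TO_SYSLOG = {"FATAL": 0, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}

def parse_pri(datagram):
    """Return (facility_code, severity_code) from a '<PRI>...' syslog datagram."""
    m = re.match(rb"<(\d{1,3})>", datagram)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    return divmod(int(m.group(1)), 8)

def remote_rules(info_levels):
    """The s_remote log{} statements of the config as (destination, predicate)."""
    fac = lambda name: (lambda f, s: f == FACILITY[name])
    f2 = lambda f, s: s in info_levels and f not in (
        FACILITY["mail"], FACILITY["authpriv"], FACILITY["cron"])
    f6 = lambda f, s: f == FACILITY["uucp"] or (
        f == FACILITY["news"] and s == SEVERITY["crit"])
    return [("r_mesg", f2), ("r_auth", fac("authpriv")), ("r_mail", fac("mail")),
            ("r_spol", f6), ("r_boot", fac("local7")), ("r_cron", fac("cron")),
            ("r_daemon", fac("daemon")), ("r_local6", fac("local6"))]

AS_WRITTEN = remote_rules({SEVERITY["info"]})  # f_filter2 with level(info)
RANGE = remote_rules(set(range(0, 7)))         # hypothetical level(info..emerg)

def destinations(datagram, rules=AS_WRITTEN):
    """Names of the remote destinations that would receive this datagram."""
    f, s = parse_pri(datagram)
    return [dest for dest, match in rules if match(f, s)]

def log4j_datagram(level, text, facility="local5"):
    """Constructed sample of what SyslogAppender sends for one event."""
    pri = FACILITY[facility] * 8 + LOG4J_TO_SYSLOG[level]
    return b"<%d>%s: bean.Log4jTest - %s" % (pri, level.encode(), text.encode())

if __name__ == "__main__":
    for lvl in ("INFO", "WARN", "ERROR", "FATAL"):
        pkt = log4j_datagram(lvl, "constructed test message")
        print(lvl, pkt[:5], destinations(pkt), destinations(pkt, RANGE))
```

Under these assumptions only INFO events from local5 reach a file (r_mesg); WARN, ERROR and FATAL events match none of the remote log statements unless f_filter2 uses a range.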

3. Windows logs

Windows logs do not support the syslog format.
Download evtsys from: https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/
The decompressed files are evtsys.dll and evtsys.exe.
Copy these two files to the C:\Windows\system32 directory.
Open a Windows command prompt (Start -> Run, cmd)
(192.168.76.100 is the IP address of the log server)
C:\> evtsys -i -h 192.168.76.100
-i installs evtsys as a system service.
-h specifies the IP address of the log server.
To uninstall evtsys:
net stop evtsys
evtsys -u
Start the service:
C:\> net start evtsys

Configuration complete

4. Syslog logs

Edit the following file and add the following line.
# vi /etc/syslog.conf
*.* @remotehost

 
