Research on Java writing to syslog under Linux environment

1.Syslog

In UNIX class operating systems, Syslog is widely used in system logs. Syslog log messages can be recorded in a local file or sent over a network to a server receiving a syslog. The server receiving the Syslog can store the syslog messages of multiple devices uniformly, or parse the contents of them to do the corresponding processing. A common application scenario is the network

Network management tools, security management systems, log audit system.

2.linux syslog System

Syslog is the default log daemon for Linux systems, and the logs for some modules, such as the kernel, are basically stored through the syslog. The new version of Ubuntu (which does not know exactly which version to start with) extends the syslog to Rsyslog.

The most important part of Syslog logging is the program module (Facility) and log rank (level) that generate the log, and other information such as time, host IP, process ID, and so on.

The configuration file for Ubuntu under Syslog service is:/etc/rsyslog.conf

The more useful part of opening this file is:

 in/etc/rsyslog.d//etc/rsyslog.d/*. conf

This sentence tells the server where to go to read more detailed configuration files, under the/etc/rsyslog.d/folder, there are several detailed configuration files. If you want to include a configuration file with a different path, you can add it by similar rules.

Under the/etc/rsyslog.d/folder, there are two files 20-ufw.conf and 50-default.conf, and in 50-default.conf, you can see the following part of the information:

# # First some standard log files.  Log by facility. #auth, authpriv.*                 /var/log/auth.loglocal1.*                        -/var/log/local1.log*.*;auth,authpriv.none          -/var/log/syslog#cron.*                         /var/log/cron.log#daemon.*                       -/var/log/daemon.log

One of the local1.* stands for [Facility] in the previous article. [Level] combination.

Facility represents the service, specifies the Syslog function, LOCAL0~LOCAL7 is used for the custom program, and the general application chooses one of the 1~7 as the service flag.

Level stands for priority, from high to low for panic, alert, crit, err, warning, notice, info, debug, none.

The second half of the-/var/log/local1.log represents the path to the log file.

Examples of CMD statements are: logger-p local1.info-t "Test" "a Test of syslog".

3. Java Write syslog code

In the Linux environment, use the Logback log framework to connect Syslog,xml as follows:

<?xml version= "1.0" encoding= "UTF-8"?><configuration>  <appender name= "RSYSLOG" class= " Ch.qos.logback.classic.net.SyslogAppender ">    <syslogHost>127.0.0.1</syslogHost>    < facility>local1</facility>    <suffixPattern>%msg</suffixPattern>  </appender>  <logger name= "Com.xy.SystemLogger" level= "DEBUG" >    <appender-ref ref= "RSYSLOG"/>  </ Logger></configuration>

The Java code is as follows:

Static final Logger Logger = Loggerfactory.getlogger (Systemlogger.class); Send to Syslog logger.info ("java[" + pid + "]:" + message);

However, no corresponding statements were found in the Syslog log, and Java code was not written ...

After consulting Daniel, the following procedures are as follows:

Tcpdump-xx-v-I any host 127.0.0.1 and port514-f/opt/slk/var/log/-F Java-jar target/consumer-1.0-
   
    | 
     -
    /proc/pid/
   

Finally find the reason: Syslog in Linux by default using the UNIX domain socket mechanism, and Java logger using UDP socket mode cannot be linked.

The workaround is to have the syslog use UDP to modify the/etc/rsyslog.conf:

514

Research on Java writing to syslog under Linux environment