logging-log4j-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kannan Ekanath" <kannan.ekan...@gmail.com>
Subject Re: Unable to get Syslog appender to work without the -r option
Date Thu, 25 Sep 2008 15:42:58 GMT
Hi Douglas, I am happy to run this with the -r option. However my logs are
still not getting through over to my network. Here is what I did,

Box1 - Added the two lines on /etc/syslog.conf
local6.*                                                @Box2
local6.*                                                /var/log/messages
*.debug                                                @Box2
*.debug                                                /var/log/messages

which means I redirect all debug messages and local6 facility messages to
box2

Box2 - Added the line on /etc/syslog.conf
*.debug                                                /var/log/messages
local6.*                                                /var/log/messages

Now, my application sits on Box1 and the SyslogAppender writes to local6.err
I would have expected it come over till Box2. That did not happen.

1) I went into Box1 and did a "kill -1 PID" (since this would send a debug
message saying restarted teh service). This message came in Box1 as well as
Box2
2) Only the log messages from the SyslogAppender is not coming through. I
have no idea why, but when I examined Box1 I found the two lines,
Sep 25 15:08:43 hamdev114 syslogd 1.4.1: restart (remote reception)
Sep 25 15:11:06 localhost.localdomain BETEX Some error

The only difference between the two logs was that the debug log was sending
the hostnaem as hamdev114 and the log4j appender sent it as
localhost.localdomain. Could this be the problem?

can some one please advice?



On Fri, Sep 19, 2008 at 2:45 PM, Douglas E Wegscheid <
Douglas_E_Wegscheid@whirlpool.com> wrote:

> one option would be for syslogd to accept network connection, but only
> from localhost (127.0.0.1). No worse of a security exposure than listening
> on the Unix socket, IMHO. This would not be a syslog,conf setting; it
> would need to be done with some form of firewall that would deny remote
> access to UDP port  514, but allow access to it from localhost.
>
> I don't think java knows how to write to a local Unix socket (/dev/log),
> which is what syslogd configured with -r listens on. I have seen
> whisperings of a log4net syslog appender that uses native code to write to
> a Unix socket, see http://marc.info/?l=log4net-dev&m=109344646600810&w=2
>
> Douglas E Wegscheid
> Lead Technical Analyst, Whirlpool Corporation
> (269)-923-5278
>
> "A wrong note played hesitatingly is a wrong note. A wrong note played
> with conviction is interpretation."
>
>
>
> "Kannan Ekanath" <kannan.ekanath@gmail.com> wrote on 09/19/2008 06:41:11
> AM:
>
> > Hi,Log4j - 1.2.18
> > I am using the Log4j Syslog Appender to write syslog messages to my
> > localhost. Since this is just localhost I would have expected the
> Appender
> > to not draw up any network connections. I redirect all *.info messages
> in my
> > localhost to a file and I did not see my log4j messages there.
> >
> > However, when I run the syslog daemon with the -r option (which is to
> accept
> > remote connections) I can see my log4j messages.
> >
> > My question is this, since I my sysloghost is just the "localhost", is
> there
> > a way to talk to the local syslog host without a network connection?
> > Apparently, our Systems folks are not okay with opening up the syslog
> ports
> > for remote connections?
> >
> > Is there an option?
> >
> > --
> > Regards,
> > Kannan Ekanath
>



-- 
Regards,
Kannan Ekanath

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message