Pages

Wednesday, September 14, 2016

Sending Tomcat Logs to Syslog Servers in Redhat 7

I want to send the tomcat logs to syslogs servers in redhat 7 as follows:

1. Configuring the tomcat.conf file


     I want to send the tomcat catalina.log to syslog server using the local1 facility. Go to the /etc/rsyslog.d/ and create a file called tomcat.conf and add the following content to the file.


 # File 1
input(type="imfile"
      File="/var/log/tomcat/catalina.log"
      Tag="catalina"
      StateFile="/var/spool/catalina"
      Severity="info"
      Facility="local1")

local1.*  @<syslogServer>:514

Replace syslogServer with your actual syslog name or ip address server.

In the above configuration 

File is the tomcat log file absolue path. In my case tomcat log file path is /var/log/tomcat/catalina.log.

Tag is the identification for the tomcat log file into the syslog server. In my case catalina is the tag to filter the content from the syslog server.

type is the module is being used to parse the log files. This module needs to be configured in the /etc/rsyslog.conf file. Please look section 2.2 for configuration. 

StateFile is the tomcat log file parse status.

Severity is the logging severity into the syslog server

Faciltiy is the logging under facilitiy. In my case facility is local1 and this faility is being used to 
filter the log file content and send to the different location. 

2. Configuring the rsyslog.conf

    2.1 Load the imfile module

     The imfile module is required to parse the catalina.log file  and send to the syslog server.
      Edit the rsyslog.conf file and add the following content under MODULE section.

      module(load="imfile" PollingInterval="10")

    2.2 Configure the messages

    This confuguration is required for not logging the calatling.log messages into the /var/log/messages.

    Edit the /etc/rsyslog.conf file and append the local1.none content before /var/log/messages.

    *.info;mail.none;authpriv.none;cron.none;local1.none                /var/log/messages 
    

   2.3 Restart the rsyslog daemon.

     systemctl restart rsyslog