November 1, 2009

Writing to Syslog with Log4J and Testing It on Ubuntu 9.04 Jaunty

The preferred way to log in Linux is to write to the Syslog. For you that comes from the Windows world, Syslog is the equivalent for the Windows NT Event Log. Before you can ran the example below you need to enable Syslog Facility LOCAL1 on Ubuntu. The Facility can be looked as a filter and if you are running multiple programs on the same server, you might want to consider to let each program write to different Facility LOCAL[0-7].

To enable Facility LOCAL1 on Ubuntu 9.04 you first need to edit /etc/syslog.conf
>sudo gedit /etc/syslog.conf &

and add the following line
local1.*   /var/log/local1.log

But we are not done yet, since Log4J is using the underlying writer class org.apache.log4j.helpers.SyslogWriter that is using the which is writing to the syslog remotely, we need to enable remote access to Syslog. We do that by changing:
>sudo gedit /etc/default/syslogd &

And changing the following:

Now we are done and we need to restarts the system log daemon, to make our changes take affect:
>sudo /etc/init.d/sysklogd restart

Finally we add the following configuration to our
# configure the root logger

# configure Syslog facility LOCAL1 appender
log4j.appender.SYSLOG_LOCAL1.layout.conversionPattern=[%p] %c:%L - %m%n


Anonymous said...

Hello Magnus, i has been followed your instrucction in order to configure an appender with the syslog in a RH4. I have the same configuration (with some differences due to SO) that you explain in your article but I receive the following error when I try log:

ERROR 01 Dec 2009 13:43:10,630 [] - Attempted to log with inactive appender named [SYSLOG_LOCAL1].
DEBUG 01 Dec 2009 13:43:10,546 [main:org.apache.log4j.PropertyConfigurator] - Level token is [all].
ERROR 01 Dec 2009 13:43:10,631 [] - Attempted to log with inactive appender named [SYSLOG_LOCAL1].
DEBUG 01 Dec 2009 13:43:10,546 [main:org.apache.log4j.PropertyConfigurator] - Category root set to ALL.
ERROR 01 Dec 2009 13:43:10,631 [] - Attempted to log with inactive appender named [SYSLOG_LOCAL1].

Do you have any idea about my problem?

Thanks in advance

Magnus K Karlsson said...

I would start with testing that Syslog Local1 is up and running. You can from a Termianl test that with 'logger' command:

logger Local1 Magnus K Karlsson test message

and then look for log message in /var/log/local1.log if that was your configured log file path.

Magnus K Karlsson said...

With Ubuntu 9.10 the sysklogd package has been replaced with rsyslog. And the configuration file has been moved to /etc/rsyslog.d/50-default.

For more details, please read

Mywork said...

how to do the same with windows o.s

Anonymous said...

What needs to be configured in Syslogs to get java stack trace errors to show? Right now, with my syslog configuration, it only prints out the line number of the stack trace error. For example, for the stack trace below, it will only show "22)" and "17)":