Using the syslog appender in elasticsearch

Using the syslog appender in elasticsearch

Darron Froese
I'm trying to log the Elasticsearch output via syslog to Papertrail.
The rest of the machine works just fine already - all syslog output
automatically goes to them via this rule:

*.*          @logs.papertrailapp.com:xxxxx

Here is my ES logging config:

http://d.pr/pXwe

Nothing from Elasticsearch makes it over to Papertrail.

Anybody ever dealt with this?

Any pointers?

Re: Using the syslog appender in elasticsearch

Ludovic Levesque
Hi,

you have to put 'syslog' in your rootLogger

Ludo


On Thu, Dec 29, 2011 at 4:52 AM, Darron Froese <[hidden email]> wrote:

> I'm trying to log the Elasticsearch output via syslog to Papertrail.
> The rest of the machine works just fine already - all syslog output
> automatically goes to them via this rule:
>
> *.*          @logs.papertrailapp.com:xxxxx
>
> Here is my ES logging config:
>
> http://d.pr/pXwe
>
> Nothing from Elasticsearch makes it over to Papertrail.
>
> Anybody ever dealt with this?
>
> Any pointers?

Re: Using the syslog appender in elasticsearch

Darron Froese
Hmm - I've done that - it doesn't seem to work:

http://d.pr/yPkr

I think I'm putting things in the right place - any other ideas?

On Thu, Dec 29, 2011 at 7:47 AM, Ludovic Levesque <[hidden email]> wrote:

> Hi,
>
> you have to put 'syslog' in your rootLogger
>
> Ludo
>
>
> On Thu, Dec 29, 2011 at 4:52 AM, Darron Froese <[hidden email]> wrote:
>> I'm trying to log the Elasticsearch output via syslog to Papertrail.
>> The rest of the machine works just fine already - all syslog output
>> automatically goes to them via this rule:
>>
>> *.*          @logs.papertrailapp.com:xxxxx
>>
>> Here is my ES logging config:
>>
>> http://d.pr/pXwe
>>
>> Nothing from Elasticsearch makes it over to Papertrail.
>>
>> Anybody ever dealt with this?
>>
>> Any pointers?

Re: Using the syslog appender in elasticsearch

kimchy
Administrator
Do you see anything failing on the console output (run it in the foreground)? I've never used log4j with syslog, but your config looks good.

On Thu, Dec 29, 2011 at 9:33 PM, Darron Froese <[hidden email]> wrote:
Hmm - I've done that - it doesn't seem to work:

http://d.pr/yPkr

I think I'm putting things in the right place - any other ideas?

On Thu, Dec 29, 2011 at 7:47 AM, Ludovic Levesque <[hidden email]> wrote:
> Hi,
>
> you have to put 'syslog' in your rootLogger
>
> Ludo
>
>
> On Thu, Dec 29, 2011 at 4:52 AM, Darron Froese <[hidden email]> wrote:
>> I'm trying to log the Elasticsearch output via syslog to Papertrail.
>> The rest of the machine works just fine already - all syslog output
>> automatically goes to them via this rule:
>>
>> *.*          @logs.papertrailapp.com:xxxxx
>>
>> Here is my ES logging config:
>>
>> http://d.pr/pXwe
>>
>> Nothing from Elasticsearch makes it over to Papertrail.
>>
>> Anybody ever dealt with this?
>>
>> Any pointers?


Re: Using the syslog appender in elasticsearch

Antonio Lobato
Bumping this old thread with new info:

Darron's config is actually right on, except for one tiny thing.  The sysloghost line actually has to read: "syslogHost", with a capital H.  Works like a charm after that.

:)

On Friday, December 30, 2011 7:38:07 AM UTC-5, kimchy wrote:
Do you see anything failing on the console output (run it in the foreground)? I've never used log4j with syslog, but your config looks good.

On Thu, Dec 29, 2011 at 9:33 PM, Darron Froese <dar...@...> wrote:
Hmm - I've done that - it doesn't seem to work:

http://d.pr/yPkr

I think I'm putting things in the right place - any other ideas?

On Thu, Dec 29, 2011 at 7:47 AM, Ludovic Levesque <lud...@...> wrote:
> Hi,
>
> you have to put 'syslog' in your rootLogger
>
> Ludo
>
>
> On Thu, Dec 29, 2011 at 4:52 AM, Darron Froese <dar...@...> wrote:
>> I'm trying to log the Elasticsearch output via syslog to Papertrail.
>> The rest of the machine works just fine already - all syslog output
>> automatically goes to them via this rule:
>>
>> *.*          @logs.papertrailapp.com:xxxxx
>>
>> Here is my ES logging config:
>>
>> http://d.pr/pXwe
>>
>> Nothing from Elasticsearch makes it over to Papertrail.
>>
>> Anybody ever dealt with this?
>>
>> Any pointers?


Re: Using the syslog appender in elasticsearch

releasebeta
This post has NOT been accepted by the mailing list yet.
In reply to this post by Darron Froese
Can someone post the working logging.yml for this?

I tried with

  syslog:
    type: syslog
    sysloghost: localhost
    facility: local1
    layout:
      type: pattern
      conversionPattern: "[%d{ISO8601}][%-5p][%-25c] %m%n"

But nothing got pushed to syslog. My logs are going to /var/log/elasticsearch.log but nothing goes to syslog.

I need to push them to Papertrail later using simple rsyslog forwarding.
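
The two faults named in this thread (the syslog appender missing from rootLogger, and `sysloghost` written instead of `syslogHost`) can be checked mechanically before a node is started. The following is an added example, not code from any poster or from Elasticsearch; the function names, the minimal indentation parser and the rootLogger line in the sample are assumptions, and the property list is the setter-derived names of log4j 1.2's SyslogAppender.

```python
import re

# Bean properties of log4j 1.2's SyslogAppender; the thread shows the case must match.
SYSLOG_PROPS = ("syslogHost", "facility", "facilityPrinting", "header")

def parse_logging_yml(text):
    """Minimal indentation-based reader: returns (rootLogger appenders, appender settings)."""
    root, appenders, path = [], {}, []
    for raw in text.splitlines():
        m = re.match(r"^(\s*)([\w.]+):\s*(.*)$", raw)
        if not m:
            continue  # blank line or comment
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        while path and path[-1][0] >= indent:
            path.pop()
        parents = [k for _, k in path]
        if not parents and key == "rootLogger":
            root = [p.strip() for p in value.split(",")[1:]]  # drop the level
        elif parents == ["appender"]:
            appenders[key] = {}
        elif len(parents) == 2 and parents[0] == "appender" and value:
            appenders[parents[1]][key] = value
        path.append((indent, key))
    return root, appenders

def lint(text):
    """Return the reasons a syslog appender in this config would stay silent."""
    root, appenders = parse_logging_yml(text)
    canon = {p.lower(): p for p in SYSLOG_PROPS}
    findings = []
    for name, props in appenders.items():
        if props.get("type") != "syslog":
            continue
        if name not in root:
            findings.append(f"appender '{name}' is not listed in rootLogger")
        for key in props:
            want = canon.get(key.lower())
            if want and want != key:
                findings.append(f"'{key}' in appender '{name}' must be spelled '{want}'")
    return findings

# Constructed sample: the appender keys quoted in the thread under an assumed rootLogger line.
BROKEN = """\
rootLogger: INFO, console, file
appender:
  syslog:
    type: syslog
    sysloghost: localhost
    facility: local1
"""
FIXED = BROKEN.replace("file\n", "file, syslog\n").replace("sysloghost", "syslogHost")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, lint(cfg))
```

An empty result only means the appender is wired in and spelled correctly; whether the local syslog daemon accepts what the appender sends is a separate check.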