...

  • It is common practice to send log output to a syslog server, for example, to integrate with IBM QRadar® SIEM:
    • this can happen in addition to writing individual log files, and
    • this can happen instead of using individual log files.
  • The syslog server can be located on the host where JS7 components are operated and it can be located on an arbitrary host in the user's network.
  • It is assumed that readers are familiar with the JS7 - Log Files and Locations and JS7 - Log Rotation articles.

Syslog Configuration

The JS7 uses Log4j2, which uses a Syslog Appender to forward log output. The required configuration can be applied to a log4j2.xml file which can be created from an example available in the JETTY_BASE/resources/joc directory. The syslog configuration could look like this:

...

  • Line 6-9: Appender
    • To the <Appenders> node add a <Syslog> element with the following attributes:
      • name: you can choose an arbitrary name that identifies the syslog appender and which is used later on when referencing the appender.
      • format: you can use BSD or RFC5424. The log format is defined by RFC5424.
      • host, port: the host and port at which the syslog server is available.
      • protocol: you can choose UDP or TCP depending on the capabilities of your log server. We strongly discourage use of TCP as this would result in blocking behavior if the syslog server is not accessible.
      • appName: the application name can freely be chosen.
      • includeMDC: this is required to forward the content of log output.
      • facility: the value can be LOCAL0 to LOCAL7 (reserved for application logging).
      • enterpriseNumber: the above example includes the IANA private enterprise number of SOS. This value should not be changed.
      • newLine: specifies if entries to the syslog should be separated by a new line character.
      • messageId: the value can freely be chosen and works as a default to identify the structure of log output sent to the syslog server.
      • id: is an identifier for the structure of log output which works as a fallback if not specified with the messageId.
  • Line 16-20: Logger
    • In this example an existing JOCAuditLog Logger is extended:
      • the <AppenderRef ref="AuditSyslogAppender"/> element creates a reference to the syslog appender.
      • as a result, whatever output is written to the JOC Cockpit Audit Log, technically to the file audit.log, is in addition forwarded to the syslog server.
      • the JOC Cockpit Audit Log is triggered for any changes to run-time objects such as adding or starting orders, suspending/killing orders and for any changes to the configuration such as storing, deleting or deploying objects.
    • You could add the appender reference to any other Logger such as the Root Logger.
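
Where the attributes listed above end up in a message when format is RFC5424, shown as an added example that is not part of the original article or of JS7: a small parser for checking what arrives at the syslog server. The sample line, its host name, SD-ID and parameter names are constructed assumptions, not captured JS7 output.

```python
import re

# RFC 5424 header: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID
HEADER = re.compile(r"<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) ")
# One SD-PARAM name="value"; inside the value the characters " \ ] are escaped
PARAM = re.compile(r'([^\s=\]"]+)="((?:\\.|[^"\\\]])*)"')
FACILITIES = {16 + n: f"LOCAL{n}" for n in range(8)}  # LOCAL0..LOCAL7 = 16..23


def parse_structured_data(text):
    """Return ({sd_id: {param: value}}, remaining MSG) for the text after MSGID."""
    if text.startswith("-"):                      # NILVALUE: no structured data
        return {}, text[1:].lstrip(" ")
    elements, pos = {}, 0
    while pos < len(text) and text[pos] == "[":
        end = pos + 1
        while end < len(text) and text[end] != "]":
            end += 2 if text[end] == "\\" else 1  # step over escaped characters
        body = text[pos + 1:end]
        params = {k: re.sub(r'\\(["\\\]])', r"\1", v) for k, v in PARAM.findall(body)}
        elements[body.split(" ", 1)[0]] = params
        pos = end + 1
    return elements, text[pos:].lstrip(" ")


def parse_rfc5424(line):
    """Parse one syslog line; raise ValueError for BSD or malformed input."""
    m = HEADER.match(line)
    if not m or m.group(2) != "1" or int(m.group(1)) > 191:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))                         # PRI = facility * 8 + severity
    sd, msg = parse_structured_data(line[m.end():])
    return {
        "facility": FACILITIES.get(pri >> 3, str(pri >> 3)),
        "severity": pri & 7,
        "timestamp": m.group(3), "host": m.group(4),
        "app_name": m.group(5), "msg_id": m.group(7),
        "structured_data": sd, "message": msg,
    }


# Constructed sample (not captured JS7 output); 32473 is the IANA enterprise
# number reserved for documentation, the SD-ID and parameters are assumptions.
SAMPLE = ('<134>1 2024-05-01T10:15:30.123Z joc-host JOC - JOCAuditLog '
          '[mdc@32473 account="root" comment="deploy \\"wf1\\" [prod\\]"] order added')

if __name__ == "__main__":
    print(parse_rfc5424(SAMPLE))
```

Run against a line captured at the syslog server, it confirms that facility, appName and messageId arrive as configured on the <Syslog> element.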

...

A Syslog Appender can similarly be added to Controller and Agents.

Note the JS7 - Log Rotation article that explains the Log4j2 configuration with the log4j2.xml file.

...