Add the following dependency section to your pom.xml:
<dependencies>
...
<dependency>
<groupId>org.graylog2</groupId>
<artifactId>gelfj</artifactId>
<version>1.1.16</version>
<scope>compile</scope>
</dependency>
...
</dependencies>
It's very simple GELF implementation in pure Java with the Log4j appender and JDK Logging Handler. It supports chunked messages which allows you to send large log messages (stacktraces, environment variables, additional fields, etc.) to a Graylog2 server.
Following transports are supported:
Drop the latest JAR into your classpath and configure Log4j to use it.
GelfAppender will use the log message as a short message and a stacktrace (if exception available) as a long message if "extractStacktrace" is true.
To use GELF Facility as appender in Log4j (XML configuration format):
<appender name="graylog2" class="org.graylog2.log.GelfAppender">
<param name="graylogHost" value="192.168.0.201"/>
<param name="originHost" value="my.machine.example.com"/>
<param name="extractStacktrace" value="true"/>
<param name="addExtendedInformation" value="true"/>
<param name="facility" value="gelf-java"/>
<param name="Threshold" value="INFO"/>
<param name="additionalFields" value="{'environment': 'DEV', 'application': 'MyAPP'}"/>
</appender>
and then add it as a one of appenders:
<root>
<priority value="INFO"/>
<appender-ref ref="graylog2"/>
</root>
Or, in the log4j.properties format:
# Define the graylog2 destination
log4j.appender.graylog2=org.graylog2.log.GelfAppender
log4j.appender.graylog2.graylogHost=graylog2.example.com
log4j.appender.graylog2.originHost=my.machine.example.com
log4j.appender.graylog2.facility=gelf-java
log4j.appender.graylog2.layout=org.apache.log4j.PatternLayout
log4j.appender.graylog2.extractStacktrace=true
log4j.appender.graylog2.addExtendedInformation=true
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'MyAPP'}
# Send all INFO logs to graylog2
log4j.rootLogger=INFO, graylog2
AMQP Configuration:
log4j.appender.graylog2=org.graylog2.log.GelfAppender
log4j.appender.graylog2.amqpURI=amqp://amqp.address.com
log4j.appender.graylog2.amqpExchangeName=messages
log4j.appender.graylog2.amqpRoutingKey=gelfudp
log4j.appender.graylog2.amqpMaxRetries=5
log4j.appender.graylog2.facility=test-application
log4j.appender.graylog2.layout=org.apache.log4j.PatternLayout
log4j.appender.graylog2.layout.ConversionPattern=%d{HH:mm:ss,SSS} %-5p [%t] [%c{1}] - %m%n
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'MyAPP'}
log4j.appender.graylog2.extractStacktrace=true
log4j.appender.graylog2.addExtendedInformation=true
GelfAppender supports the following options:
tcp:
GelfJsonAppender
is also available at org.graylog2.log.GelfJsonAppender
. This appender is exactly the same as GelfAppender
except that if you give it a parseable JSON string in the log4j message, then it will automatically set additional fields according to that JSON.
For example, given the log4j message "{\"simpleProperty\":\"hello gelf\"}"
, the GelfJsonAppender
will automatically add the additional field simpleProperty to your GELF logging. These fields are in addition to everything else.
The GelfJsonAppender
is fail safe. If the given log4j message cannot be parsed as JSON, then the message will still be logged, but there will be no additional fields derived from the message.
Configured via properties as a standard Handler like
handlers = org.graylog2.logging.GelfHandler
.level = ALL
org.graylog2.logging.GelfHandler.level = ALL
org.graylog2.logging.GelfHandler.graylogHost = syslog.example.com
#org.graylog2.logging.GelfHandler.graylogPort = 12201
#org.graylog2.logging.GelfHandler.extractStacktrace = true
#org.graylog2.logging.GelfHandler.additionalField.0 = foo=bah
#org.graylog2.logging.GelfHandler.additionalField.1 = foo2=bah2
#org.graylog2.logging.GelfHandler.facility = local0
.handlers=org.graylog2.logging.GelfHandler
The Graylog Extended Log Format (GELF) avoids the shortcomings of classic plain syslog:
You can get more information here: http://www.graylog2.org/about/gelf