java docker log4j2 graylog

How to send logs with Log4j2 to Graylog?


I'm trying to integrate a Java application with a Graylog server running in Docker, but I'm not able to send messages from my application to Graylog. Can someone help me?

Here is my Docker Run:

$ docker run --name mongo -d mongo:3
$ docker run --name elasticsearch \
    -e "http.host=0.0.0.0" \
    -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
    -d docker.elastic.co/elasticsearch/elasticsearch-oss:6.8.10
$ docker run --name graylog --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201 -p 1514:1514 \
    -e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
    -d graylog/graylog:3.3

Here is my Input config inside Graylog:

Graylog Input

Here is the application tutorial I am using: https://talhature.com/2020/04/25/using-graylog-with-log4j2/

Here is my log4j2.xml:

<?xml version="1.0" encoding="UTF-8" ?>
<Configuration status="TRACE" monitorInterval="180">
    <Properties>
        <Property name="app-name">graylog-example-fatjar</Property>

        <!-- CHANGE log-path ACCORDING TO YOUR NEEDS -->
        <Property name="log-path">$${sys:application-directory}/${app-name}/log
        </Property>
        <Property name="log-pattern">[%sn] %d{yyyy/MM/dd HH:mm:ss,SSS} [%-6p] [%t]
            %c{3}:%L - %m%n</Property>
    </Properties>

    <!-- CHANGE HOST AND PORT PROPERTIES ACCORDING TO YOUR NEEDS -->
    <Appenders>
        <Gelf name="gelf" host="udp:127.0.0.1" port="12201"
            version="1.1" extractStackTrace="true" filterStackTrace="true"
            mdcProfiling="true" includeFullMdc="true" maximumMessageSize="8192"
            originHost="%host{fqdn}">

            <!-- THESE FIELD DEFINITIONS ARE NOT MANDATORY, YOU CAN USE DEFAULTS -->
            <Field name="timestamp" pattern="%d{dd MMM yyyy HH:mm:ss,SSS}" />
            <Field name="level" pattern="%level" />
            <Field name="simpleClassName" pattern="%C{1}" />
            <Field name="className" pattern="%C" />
            <Field name="server" pattern="%host" />
            <Field name="server.fqdn" pattern="%host{fqdn}" />

            <!-- THESE ARE MY CUSTOM GRAYLOG FIELDS -->
            <Field name="logStream" literal="MYAWESOMEAPPS" />
            <Field name="projectName" literal="MYAWESOMEPROJECT" />
        </Gelf>
        <RollingFile name="RollingFile"
            fileName="${log-path}/server/${app-name}-server"
            filePattern="${log-path}/server/${app-name}-server-%d{yyyy-MM-dd}-%i.log.gz"
            append="false">
            <PatternLayout>
                <pattern>${log-pattern}</pattern>
            </PatternLayout>
            <Policies>
                <SizeBasedTriggeringPolicy size="100 MB" />
            </Policies>
        </RollingFile>
    </Appenders>

    <Loggers>
        <Root level="INFO" additivity="false" includeLocation="true">
            <AppenderRef ref="RollingFile" />
            <AppenderRef ref="gelf" />
        </Root>
    </Loggers>
</Configuration>

SOLUTION

I started my Docker container this way to open port 5555:

$ docker run --link mongo --link elasticsearch \
    -p 9000:9000 -p 12201:12201 -p 1514:1514 -p 5555:5555 \
    -e GRAYLOG_HTTP_EXTERNAL_URI="http://127.0.0.1:9000/" \
    -d graylog/graylog:3.3

In my log4j2.xml I changed line 7:

<Gelf name="Gelf" host="tcp:127.0.0.1" port="5555" version="1.1"

And my Graylog Input (GELF TCP): Graylog Input Gelf TCP


Solution

  • Graylog employee here. From what you're saying, it sounds like you've not enabled a GELF input on your Graylog instance. I'd recommend reading through our Docker installation docs for Graylog version 3.3 here. Newer documentation can be found here.

    I'll note that while the input in the example is for Raw/Plaintext, if you create a GELF TCP input using the instructions in that portion of the docs, then you should start seeing your logs show in the UI.
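
To check the GELF TCP input independently of the Log4j2 appender, the following added example (not part of the original question or answer) builds a GELF 1.1 message and sends it null-byte terminated over TCP. The function names are hypothetical, and the default address assumes the 127.0.0.1:5555 port mapping shown in the question's solution.

```python
import json
import re
import socket
import time

# Characters GELF allows in additional field names (word chars, dot, dash).
FIELD_NAME = re.compile(r"^[\w.\-]+$")


def gelf_frame(short_message, host, level=6, fields=None):
    """Build one GELF 1.1 message framed for a GELF TCP input."""
    if not short_message or not host:
        raise ValueError("GELF 1.1 requires non-empty host and short_message")
    msg = {"version": "1.1", "host": host, "short_message": short_message,
           "timestamp": time.time(), "level": level}  # level 6 = syslog INFO
    for name, value in (fields or {}).items():
        # "_id" is reserved by GELF, so reject "id" as an additional field.
        if name == "id" or not FIELD_NAME.match(name):
            raise ValueError(f"invalid additional field name: {name!r}")
        msg["_" + name] = value  # additional fields carry a leading underscore
    # TCP framing: uncompressed JSON terminated by a single null byte.
    return json.dumps(msg).encode("utf-8") + b"\x00"


def send_gelf_tcp(frame, addr=("127.0.0.1", 5555), timeout=3.0):
    """Return True if the connection was accepted and the frame was written.

    False means nothing accepted the connection on that address. True does
    not prove Graylog parsed the message; confirm that in the search UI.
    """
    try:
        with socket.create_connection(addr, timeout=timeout) as sock:
            sock.sendall(frame)
        return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample fields, reusing names from the log4j2.xml above.
    frame = gelf_frame("GELF TCP probe", socket.gethostname(),
                       fields={"logStream": "MYAWESOMEAPPS",
                               "server.fqdn": socket.getfqdn()})
    print("frame written" if send_gelf_tcp(frame) else "connection failed")
```

A UDP appender gives no equivalent connection signal. Also note that `docker run -p 12201:12201` publishes the TCP port only; a GELF UDP input needs `-p 12201:12201/udp`.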