1. Locate the Tomcat log file, typically /opt/tomcat/logs/catalina.out

2. Install the rsyslog modules (if not already installed)

```
sudo yum list rsyslog rsyslog-mmnormalize
sudo yum update
sudo yum install rsyslog rsyslog-mmnormalize
```
3. Create the rulebase file

For example: /etc/rsyslog.d/tomcat.rulebase

```
rule=:%level:word% %rest:rest%
```

The first word of each line is captured as $!level and the remainder as $!rest.
4. Create the rsyslog configuration

For example: /etc/rsyslog.d/30-tomcat.conf

```
module(load="imfile")
module(load="mmnormalize")

# Tail catalina.out. Severity is only an initial placeholder; the
# forwarding template below sets the real PRI for each line.
input(type="imfile"
      File="/opt/tomcat/logs/catalina.out"
      Tag="tomcat"
      Severity="info"
      Facility="local6"
      Ruleset="tomcat-parse")

# Forward with a PRI computed from $.pri instead of the placeholder
# severity assigned by imfile.
template(name="tomcat-fwd" type="string"
         string="<%$.pri%>%timestamp:::date-rfc3339% %hostname% %syslogtag%%msg%")

ruleset(name="tomcat-parse") {
    # Parse the line with the rulebase; fields land in $!level and $!rest
    action(type="mmnormalize" rulebase="/etc/rsyslog.d/tomcat.rulebase")

    # Map the application log level to a syslog severity (default: info)
    set $.sev = 6;
    if $!level == "ERROR" then set $.sev = 3;
    if $!level == "WARN"  then set $.sev = 4;
    if $!level == "DEBUG" then set $.sev = 7;
    if $!level == "INFO"  then set $.sev = 6;

    # PRI = facility * 8 + severity; local6 is facility 22, so 22 * 8 = 176
    set $.pri = 176 + $.sev;
    call tomcat-out
}

ruleset(name="tomcat-out") {
    action(type="omfwd"
           target="your-syslog-server"
           port="514"
           protocol="udp"
           template="tomcat-fwd")
}
```

Note that omfwd has no facility or severity parameters of its own and rsyslog does not allow `set` on the built-in severity property, so the PRI is injected through the custom forwarding template.
5. Set permissions

```
sudo semanage fcontext -a -t var_log_t "/boxapps/apache/logs(/.*)?"
```

This SELinux (Security-Enhanced Linux) command assigns a file context type to a directory and everything under it, so that rsyslog is allowed to read the log files.

| Part | Meaning |
|---|---|
| sudo | Run the command with superuser privileges |
| semanage fcontext | SELinux management command to define file contexts |
| -a | Add a new file context mapping |
| -t var_log_t | Assign the SELinux type var_log_t, which is used for log files |
| "/boxapps/apache/logs(/.*)?" | Apply to /boxapps/apache/logs and all files and directories under it |
6. Restart rsyslog

```
sudo systemctl restart rsyslog
```
7. Use tcpdump to verify that syslog traffic is leaving the host

```
sudo tcpdump -i any udp port 514
```

To restrict the capture to packets addressed to the syslog server:

```
sudo tcpdump -i any udp port 514 and dst host x.x.x.x
```
Syslog severity codes:

| Code | Severity | Meaning |
|---|---|---|
| 0 | emerg | System is unusable |
| 1 | alert | Immediate action required |
| 2 | crit | Critical conditions |
| 3 | err | Error conditions |
| 4 | warning | Warning conditions |
| 5 | notice | Normal but significant event |
| 6 | info | Informational messages |
| 7 | debug | Debug-level messages |

Syslog facilities commonly used for Tomcat:

| Facility | Code | Typical Usage with Tomcat |
|---|---|---|
| local0 | 16 | General application logging (default choice) |
| local1 | 17 | Dedicated to Tomcat application logs |
| local2 | 18 | Separate logs for different environments |
| daemon | 3 | For system services like the Tomcat daemon |
| user | 1 | Default facility for user-level logs |
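The level-to-severity mapping in the ruleset, the PRI arithmetic behind the severity and facility tables, and the tcpdump verification step all hinge on the same encoding: PRI = facility * 8 + severity. The following Python script is an added example, not part of the original notes or of rsyslog itself; it models the rulebase and ruleset logic in plain code and decodes the `<PRI>` prefix of a forwarded message so you can confirm, from a captured packet, that the facility and severity you expect actually went on the wire. The sample log lines, host name and tag are constructed for the example.

```python
import re

# Added example (not from the original notes): models the rsyslog level-to-severity
# mapping and the syslog PRI encoding so forwarded messages can be built and checked.

# Severity codes 0..7 and the facility codes from RFC 3164 / RFC 5424
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = {
    "kern": 0, "user": 1, "mail": 2, "daemon": 3, "auth": 4, "syslog": 5,
    "lpr": 6, "news": 7, "uucp": 8, "cron": 9, "authpriv": 10, "ftp": 11,
    "local0": 16, "local1": 17, "local2": 18, "local3": 19,
    "local4": 20, "local5": 21, "local6": 22, "local7": 23,
}
FACILITY_NAMES = {code: name for name, code in FACILITIES.items()}

# Same mapping as the ruleset; anything unrecognised keeps the default "info" (6)
LEVEL_TO_SEVERITY = {"ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}
DEFAULT_SEVERITY = 6

# Equivalent of the rulebase "rule=:%level:word% %rest:rest%"
RULE = re.compile(r"^(?P<level>\S+) (?P<rest>.*)$")
PRI_PREFIX = re.compile(r"^<(?P<pri>\d{1,3})>(?P<body>.*)$", re.S)


def normalize(line):
    """Mimic mmnormalize: first word -> level, remainder -> rest.
    Lines that do not match the rule come back as unparsed-data, as liblognorm does."""
    m = RULE.match(line)
    if not m:
        return {"unparsed-data": line}
    return m.groupdict()


def severity_for(line):
    """Severity the ruleset would assign to this catalina.out line."""
    return LEVEL_TO_SEVERITY.get(normalize(line).get("level"), DEFAULT_SEVERITY)


def pri(facility, severity):
    """PRI value as rsyslog computes it: facility code * 8 + severity."""
    return FACILITIES[facility] * 8 + severity


def decode_pri(value):
    """Split a PRI back into (facility name, severity name)."""
    return FACILITY_NAMES.get(value // 8, f"facility{value // 8}"), SEVERITIES[value % 8]


def build_message(line, facility="local6", host="tomcat01", tag="tomcat"):
    """Build the payload the forwarding template would emit (host/tag are constructed)."""
    return f"<{pri(facility, severity_for(line))}>{host} {tag}: {line}"


def check_packet(payload, expected_facility="local6"):
    """Decode the PRI of a captured syslog payload and check it uses the expected facility."""
    m = PRI_PREFIX.match(payload)
    if not m:
        return {"ok": False, "reason": "no PRI prefix"}
    facility, severity = decode_pri(int(m.group("pri")))
    return {
        "ok": facility == expected_facility,
        "facility": facility,
        "severity": severity,
        "body": m.group("body"),
    }


if __name__ == "__main__":
    # Constructed sample lines in the shape the rulebase expects
    for sample in ["ERROR Servlet execution threw an exception",
                   "WARN Parameters: Invalid chunk ignored",
                   "Server startup in 1234 ms"]:
        msg = build_message(sample)
        print(msg, "->", check_packet(msg))
```

Run it against real captures by feeding the payload of a packet seen in tcpdump to `check_packet`; a result with `"ok": False` means the forwarder is still sending the placeholder PRI rather than the one derived from the log level.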
How is the configuration processed?

When rsyslog starts, it processes its main configuration file, /etc/rsyslog.conf. Within that file you will typically find this line:

```
$IncludeConfig /etc/rsyslog.d/*.conf
```

This directive tells rsyslog to read and process all .conf files in /etc/rsyslog.d/ in lexicographical (alphabetical) order. So 01-base.conf is processed before 20-custom.conf, and z-final.conf is processed last. This is why the Tomcat configuration above is named 30-tomcat.conf: the numeric prefix controls where it lands in that order, and a file named .rulebase is not picked up by the glob.