Hi,

I am struggeling with configuration of the log4j2 syslog appender for audit logger.
Has anyone an example of the log4j2.properties to add syslog appender to audit logger?

elasticsearch.yml looks like that

opendistro_security.audit.type: log4j
opendistro_security.audit.config.log4j.logger_name: audit
opendistro_security.audit.config.log4j.level: INFO
opendistro_security.audit.enable_rest: true
opendistro_security.audit.enable_transport: true
opendistro_security.audit.ignore_users: NONE

Thanks

@Mian Would the below example help?

Declare loggers

name=LoggingConfig
appenders=a_console, a_rolling
rootLogger.level=info
rootLogger.appenderRefs=ar_console,ar_rolling
rootLogger.appenderRef.ar_console.ref=StdoutAppender
rootLogger.appenderRef.ar_rolling.ref=DailyRollingAppender

Console logger

appender.a_console.type=Console
appender.a_console.name=StdoutAppender
appender.a_console.layout.type=PatternLayout
appender.a_console.layout.pattern=%d{ISO8601} [%t] %-5p (%F:%L) - %m%n

File logger

appender.a_rolling.type=RollingFile
appender.a_rolling.name=DailyRollingAppender
appender.a_rolling.layout.pattern=%d{ISO8601} [%t] %-5p (%F:%L) - %m%n

appender.a_rolling.fileName=log4j2-sample.log
appender.a_rolling.filePattern=log4j2-sample-%d{yyyy-MM-dd}.log

appender.a_rolling.layout.type=PatternLayout
appender.a_rolling.policies.type=Policies
appender.a_rolling.policies.time.type=TimeBasedTriggeringPolicy
appender.a_rolling.policies.time.interval=1

Hi, thank you!
But a running configuration for SYSLOG appender and AUDIT logger would help me.