Mian
May 6, 2021, 11:54am
1
Hi,
I am struggling with the configuration of the log4j2 syslog appender for the audit logger.
Does anyone have an example of a log4j2.properties that adds a syslog appender to the audit logger?
elasticsearch.yml looks like this:
opendistro_security.audit.type: log4j
opendistro_security.audit.config.log4j.logger_name: audit
opendistro_security.audit.config.log4j.level: INFO
opendistro_security.audit.enable_rest: true
opendistro_security.audit.enable_transport: true
opendistro_security.audit.ignore_users: NONE
Thanks
@Mian Would the below example help?
# Declare loggers
name=LoggingConfig
appenders=a_console, a_rolling
rootLogger.level=info
rootLogger.appenderRefs=ar_console,ar_rolling
rootLogger.appenderRef.ar_console.ref=StdoutAppender
rootLogger.appenderRef.ar_rolling.ref=DailyRollingAppender
# Console logger
appender.a_console.type=Console
appender.a_console.name=StdoutAppender
appender.a_console.layout.type=PatternLayout
appender.a_console.layout.pattern=%d{ISO8601} [%t] %-5p (%F:%L) - %m%n
# File logger
appender.a_rolling.type=RollingFile
appender.a_rolling.name=DailyRollingAppender
appender.a_rolling.layout.pattern=%d{ISO8601} [%t] %-5p (%F:%L) - %m%n
appender.a_rolling.fileName=log4j2-sample.log
appender.a_rolling.filePattern=log4j2-sample-%d{yyyy-MM-dd}.log
appender.a_rolling.layout.type=PatternLayout
appender.a_rolling.policies.type=Policies
appender.a_rolling.policies.time.type=TimeBasedTriggeringPolicy
appender.a_rolling.policies.time.interval=1
Mian
May 11, 2021, 11:02am
3
Hi, thank you!
But a running configuration for SYSLOG appender and AUDIT logger would help me.
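
A sketch of the kind of log4j2.properties fragment asked for above, added here as an example; it is not from either poster or from the Open Distro project and has not been run against a particular Elasticsearch/Open Distro version. It binds log4j2's built-in Syslog appender to the logger named `audit` (the value of `opendistro_security.audit.config.log4j.logger_name` in the elasticsearch.yml above). The appender id `audit_syslog`, the host, the port and the facility are placeholders to replace.

```properties
# Added example (not from the thread): send the security audit logger to syslog.
# Append to the node's existing log4j2.properties.

# Syslog appender. With no "format" attribute log4j2 emits BSD-style syslog
# records; TCP is chosen here so long audit events are not cut at the UDP
# datagram limit and delivery failures surface as connection errors.
appender.audit_syslog.type = Syslog
appender.audit_syslog.name = audit_syslog
# Placeholder host and port: point these at your collector.
appender.audit_syslog.host = syslog.example.internal
appender.audit_syslog.port = 514
appender.audit_syslog.protocol = TCP
# Placeholder facility: pick one your collector routes to the audit pipeline.
appender.audit_syslog.facility = LOCAL0
# Terminate each record with a newline so a TCP receiver can frame events.
appender.audit_syslog.newLine = true

# Logger whose name matches logger_name in elasticsearch.yml ("audit").
logger.audit.name = audit
# Must be at least as verbose as opendistro_security.audit.config.log4j.level
# (INFO above), otherwise audit events are dropped before reaching the appender.
logger.audit.level = info
logger.audit.appenderRef.audit_syslog.ref = audit_syslog
# Keep audit events out of the root logger's console and file appenders.
logger.audit.additivity = false
```

The settings above send audit events over plain TCP, so either keep the collector on a trusted network segment or switch to a TLS-capable transport.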