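Goals:
1. Write FATAL-level errors to the Windows 2000/NT event log
2. Send WARN, ERROR and FATAL-level errors by email to notify the administrator
3. Output errors of other levels directly to the console
Steps:
Writing to the Windows 2000/NT event log
1. Copy NTEventLogAppender.dll from the Log4j archive into the WINNT\SYSTEM32 directory (PS: in my case it only worked when placed in Tomcat's bin directory)
2. Write the configuration file log4j.properties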
# Output to the Windows 2000 system event log
log4j.logger.NTlog=FATAL, A8
# APPENDER A8
log4j.appender.A8=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.A8.Source=JavaTest
log4j.appender.A8.layout=org.apache.log4j.PatternLayout
log4j.appender.A8.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
3. Calling code:
Logger logger2 = Logger.getLogger("NTlog"); // must match the name set in the configuration file
logger2.debug("debug!!!");
logger2.info("info!!!");
logger2.warn("warn!!!");
logger2.error("error!!!");
// only this error is written to the Windows 2000 event log
logger2.fatal("fatal!!!");
Sending email to notify the administrator:
1. First download JavaMail and JAF:
http://java.sun.com/j2ee/ja/javamail/index.html
http://java.sun.com/beans/glasgow/jaf.html
Reference mail.jar and activation.jar in the project.
2. Write the configuration file
# Send logs by email
log4j.logger.MailLog=WARN,A5
# APPENDER A5
log4j.appender.A5=org.apache.log4j.net.SMTPAppender
log4j.appender.A5.BufferSize=5
log4j.appender.A5.To=chunjie@263.net
log4j.appender.A5.From=error@error.com
log4j.appender.A5.Subject=ErrorLog
log4j.appender.A5.SMTPHost=smtp.263.net
log4j.appender.A5.layout=org.apache.log4j.PatternLayout
log4j.appender.A5.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
3. Calling code:
// send the log by mail
Logger logger3 = Logger.getLogger("MailLog");
logger3.warn("warn!!!");
logger3.error("error!!!");
logger3.fatal("fatal!!!");
Outputting errors of all levels to the console:
1. Write the configuration file
# Output to the console
log4j.logger.console=DEBUG, A1
# APPENDER A1
log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
2. Calling code:
Logger logger1 = Logger.getLogger("console");
logger1.debug("debug!!!");
logger1.info("info!!!");
logger1.warn("warn!!!");
logger1.error("error!!!");
logger1.fatal("fatal!!!");
--------------------------------------------------------------------
Full configuration file: log4j.properties
# Output to the console
log4j.logger.console=DEBUG, A1
# APPENDER A1
log4j.appender.A1=org.apache.log4j.ConsoleAppender
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
# Output to the Windows 2000 system event log
log4j.logger.NTlog=FATAL, A8
# APPENDER A8
log4j.appender.A8=org.apache.log4j.nt.NTEventLogAppender
log4j.appender.A8.Source=JavaTest
log4j.appender.A8.layout=org.apache.log4j.PatternLayout
log4j.appender.A8.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
# Send logs by email
log4j.logger.MailLog=WARN,A5
# APPENDER A5
log4j.appender.A5=org.apache.log4j.net.SMTPAppender
log4j.appender.A5.BufferSize=5
log4j.appender.A5.To=chunjie@263.net
log4j.appender.A5.From=error@error.com
log4j.appender.A5.Subject=ErrorLog
log4j.appender.A5.SMTPHost=smtp.263.net
log4j.appender.A5.layout=org.apache.log4j.PatternLayout
log4j.appender.A5.layout.ConversionPattern=%-4r %-5p [%t] %37c %3x - %m%n
Full code: Log4jTest.java
/*
 * Created 2003-11-13
 */
package edu.bcu.Bean;

import org.apache.log4j.*;
//import org.apache.log4j.nt.*;
//import org.apache.log4j.net.*;

/**
 * @author yanxu
 */
public class Log4jTest
{
    public static void main(String args[])
    {
        PropertyConfigurator.configure("log4j.properties");
        // Output to the console
        Logger logger1 = Logger.getLogger("console");
        logger1.debug("debug!!!");
        logger1.info("info!!!");
        logger1.warn("warn!!!");
        logger1.error("error!!!");
        logger1.fatal("fatal!!!");
        // Output to the NT system event log
        Logger logger2 = Logger.getLogger("NTlog");
        //NTEventLogAppender nla = new NTEventLogAppender();
        logger2.debug("debug!!!");
        logger2.info("info!!!");
        logger2.warn("warn!!!");
        logger2.error("error!!!");
        // only this error is written to the Windows 2000 event log
        logger2.fatal("fatal!!!");
        // Send the log by mail
        Logger logger3 = Logger.getLogger("MailLog");
        //SMTPAppender sa = new SMTPAppender();
        logger3.warn("warn!!!");
        logger3.error("error!!!");
        logger3.fatal("fatal!!!");
    }
}
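Configuring a syslog-ng centralized log server to manage log4j, Windows and syslog logs
I recently needed to set up a log server to centrally manage Windows, Java and Linux logs. I searched online for a long time, but everything I found was scattered material about log4j logging and syslog-ng, and almost nothing showed how to send log4j logs directly to a remote syslog-ng for management. Here I am just writing down one approach that worked for me, for anyone who needs it, and I hope it prompts others to offer better suggestions.
I won't cover how to install the programs here; the forum has that, and failing that you can find it with Google.
----------
1. Install syslog-ng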
# vi /usr/local/syslog-ng/etc/syslog-ng.conf
options {
use_fqdn(yes);
chain_hostnames(off);
keep_hostname(off);
sync(0);
# The default action of syslog-ng 1.6.0 is to log a STATS line
# to the file every 10 minutes. That's pretty ugly after a while.
# Change it to every 12 hours so you get a nice daily update of
# how many messages syslog-ng missed (0).
stats(43200);
create_dirs(yes);
};
source s_internal { internal(); };
destination d_syslognglog { file("/var/log/syslog-ng.log"); };
log { source(s_internal); destination(d_syslognglog); };
source s_sys { file ("/proc/kmsg" log_prefix("kernel: ")); unix-stream ("/dev/log"); internal(); };
destination d_cons { file("/dev/console"); };
destination d_mesg { file("/var/log/messages"); };
destination d_auth { file("/var/log/secure"); };
destination d_mail { file("/var/log/maillog"); };
destination d_spol { file("/var/log/spooler"); };
destination d_boot { file("/var/log/boot.log"); };
destination d_cron { file("/var/log/cron"); };
destination d_rsync { file("/var/log/rsync"); };
destination d_mlal { usertty("*"); };
filter f_filter1 { facility(kern); };
filter f_filter2 { level(info) and
not (facility(mail)
or facility(authpriv) or facility(cron)); };
filter f_filter3 { facility(authpriv); };
filter f_filter4 { facility(mail); };
filter f_filter5 { level(emerg); };
filter f_filter6 { facility(uucp) or
(facility(news) and level(crit)); };
filter f_filter7 { facility(local7); };
filter f_filter8 { facility(cron); };
filter f_filter9 { facility(daemon); };
filter f_filter10 { facility(local6); };
#log { source(s_sys); filter(f_filter1); destination(d_cons); };
log { source(s_sys); filter(f_filter2); destination(d_mesg); };
log { source(s_sys); filter(f_filter3); destination(d_auth); };
log { source(s_sys); filter(f_filter4); destination(d_mail); };
log { source(s_sys); filter(f_filter5); destination(d_mlal); };
log { source(s_sys); filter(f_filter6); destination(d_spol); };
log { source(s_sys); filter(f_filter7); destination(d_boot); };
log { source(s_sys); filter(f_filter8); destination(d_cron); };
# Remote logging
source s_remote {
udp(ip(0.0.0.0) port(514));
};
destination r_mesg {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/messages" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_auth {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/secure" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_mail {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/maillog" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_spol {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/spooler" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_boot {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/boot.log" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_cron {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/cron" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_daemon {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/$HOST/daemon" owner("root")
group("root") perm(0640) dir_perm(0750) create_dirs(yes)); };
destination r_local6 {
file("/var/log/syslog-ng/$YEAR$MONTH$DAY/network/messages"
owner("root") group("root") perm(0640) dir_perm(0750)
create_dirs(yes)); };
#destination d_separatedbyhosts {
# file("/var/log/syslog-ng/$HOST/messages" owner("root") group("root") perm(0640) dir_perm(0750) create_dirs(yes));
#};
#log { source(s_remote); destination(d_separatedbyhosts); };
log { source(s_remote); filter(f_filter2); destination(r_mesg); };
log { source(s_remote); filter(f_filter3); destination(r_auth); };
log { source(s_remote); filter(f_filter4); destination(r_mail); };
log { source(s_remote); filter(f_filter6); destination(r_spol); };
log { source(s_remote); filter(f_filter7); destination(r_boot); };
log { source(s_remote); filter(f_filter8); destination(r_cron); };
log { source(s_remote); filter(f_filter9); destination(r_daemon); };
log { source(s_remote); filter(f_filter10); destination(r_local6); };
# syslog-ng conf file for use with phpsyslog-ng
#source src {
# unix-stream("/dev/log" max-connections(256));
# internal();
# file("/proc/kmsg");
# tcp();
# udp();
#};
#
#log {
# source(src);
# destination(d_mysql);
#};
#
#destination d_mysql {
# program("/usr/bin/mysql --user=root --password= syslog < /var/log/mysql.pipe");
# pipe("/var/log/mysql.pipe" template("INSERT INTO logs (host, facility, priority, level, tag, datetime, program, msg) VALUES ( '$HOST', '$FACILITY', '$PRIORITY', '$LEVEL', '$TAG', '$YEAR-$MONTH-$DAY $HOUR:$MIN:$SEC','$PROGRAM', '$MSG' );\n") template-escape(yes));
#};
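Add syslog-ng to system startup
# echo "/usr/local/syslog-ng/sbin/syslog-ng" >> /etc/rc.local
2. Java logs
For installing Tomcat and the Java environment, see my other articles. This part covers the log4j configuration that sends logs to the remote syslog-ng server.
In one of Tomcat's web applications: vi /.../WEB-INF/classes/log4j.properties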
################ write to the file##################
# rootLogger takes a single level followed by appender names
log4j.rootLogger=info,syslog,A1
log4j.appender.A1=org.apache.log4j.DailyRollingFileAppender
log4j.appender.A1.file=/var/log/messages
#log4j.appender.A1.DatePattern=yyyy-MM-dd'.log'
log4j.appender.A1.layout=org.apache.log4j.PatternLayout
log4j.appender.A1.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss, SSS}[%c]-[%p] %m%n
######################## write to the syslog ######################
# Appender to syslog
#log4j.rootCategory=INFO,DEBUG, CONSOLE, FILE, syslog
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
#log4j.appender.syslog.SyslogHost=192.168.76.100 (IP address of the log server)
log4j.appender.syslog.SyslogHost=127.0.0.1
log4j.appender.syslog.Port=514
log4j.appender.syslog.Facility=local5
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=%p: %c{2} - %m%n
Modify the local syslog
vi /etc/syslog.conf
# 192.168.76.100 is the IP address of the log server
local5.* @192.168.76.100
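Added example (not part of the original article): a Python sketch of how the datagrams produced by the SyslogAppender settings above (Facility=local5) are routed by the s_remote log statements in the syslog-ng.conf from step 1. It assumes log4j 1.2's level-to-severity mapping and that a single-name level() filter matches only that level; the sample datagrams are constructed.

```python
import re

# Syslog facility and severity codes (RFC 3164 numbering).
FACILITY = {"kern": 0, "mail": 2, "daemon": 3, "news": 7, "uucp": 8, "cron": 9,
            "authpriv": 10, "local5": 21, "local6": 22, "local7": 23}
SEVERITY = {"emerg": 0, "crit": 2, "err": 3, "warning": 4, "info": 6, "debug": 7}
# log4j 1.2 level -> syslog severity used by SyslogAppender (assumed mapping).
LOG4J_TO_SYSLOG = {"FATAL": "emerg", "ERROR": "err", "WARN": "warning",
                   "INFO": "info", "DEBUG": "debug"}

# The s_remote log statements from the syslog-ng.conf above, as predicates
# over (facility, severity). level(x) with one name matches only that level.
REMOTE_ROUTES = [
    ("r_mesg",   lambda f, s: s == "info" and f not in ("mail", "authpriv", "cron")),
    ("r_auth",   lambda f, s: f == "authpriv"),
    ("r_mail",   lambda f, s: f == "mail"),
    ("r_spol",   lambda f, s: f == "uucp" or (f == "news" and s == "crit")),
    ("r_boot",   lambda f, s: f == "local7"),
    ("r_cron",   lambda f, s: f == "cron"),
    ("r_daemon", lambda f, s: f == "daemon"),
    ("r_local6", lambda f, s: f == "local6"),
]

def encode_pri(facility, log4j_level):
    """PRI value the appender puts in <...>: facility * 8 + severity."""
    return FACILITY[facility] * 8 + SEVERITY[LOG4J_TO_SYSLOG[log4j_level]]

def decode_pri(datagram):
    """Return (facility, severity, message) from a '<PRI>text' datagram."""
    m = re.match(r"<(\d{1,3})>(.*)", datagram, re.S)
    if not m or int(m.group(1)) > 191:
        raise ValueError("not a syslog datagram")
    fac_code, sev_code = divmod(int(m.group(1)), 8)
    fac = next((k for k, v in FACILITY.items() if v == fac_code), str(fac_code))
    sev = next((k for k, v in SEVERITY.items() if v == sev_code), str(sev_code))
    return fac, sev, m.group(2)

def remote_destinations(datagram):
    """Destinations that would store this datagram when it arrives on s_remote."""
    fac, sev, _ = decode_pri(datagram)
    return [dest for dest, matches in REMOTE_ROUTES if matches(fac, sev)]

if __name__ == "__main__":
    # Constructed datagrams in the page's '%p: %c{2} - %m%n' layout.
    for level in ("INFO", "WARN", "ERROR", "FATAL"):
        pkt = "<%d>%s: Bean.Log4jTest - %s!!!" % (encode_pri("local5", level), level, level.lower())
        print(pkt, "->", remote_destinations(pkt) or "no matching log statement")
```

Under these assumptions only INFO events from the Java application reach a file (r_mesg). Keeping WARN, ERROR and FATAL would need an additional s_remote log statement with a filter such as facility(local5).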
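3. Windows logs
Windows logs do not support the syslog format.
Download evtsys from: https://engineering.purdue.edu/ECN/Resources/Documents/UNIX/evtsys/
The archive unpacks to two files, evtsys.dll and evtsys.exe.
Copy both files into the c:\windows\system32 directory.
Open a Windows command prompt (Start -> Run, enter CMD)
C:\>evtsys -i -h 192.168.76.100
(192.168.76.100 is the IP address of the log server)
-i installs it as a system service
-h specifies the IP address of the log server
To uninstall evtsys:
net stop evtsys
evtsys -u
Start the service:
C:\>net start evtsys
Configuration complete.
4. syslog logs
Edit the file below and add the following line.
# vi /etc/syslog.conf
*.* @remotehost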