Centralized Logging of openhab via Graylog, Elasticsearch etc

The out-of-the box logging handing of openhabian via frontail works perfectly - if the log entries are only a couple of minutes / hours old. As I was looking for a centralized logging solution to be able to easily find log entries that are a couple of days / weeks old without filling up my openhabian setup, I came to this tutorial which works quite fine Logging to graylog and relies on docker containers for elastic search, redis and graylog as centralized logging handler - all for free.

The solution works fine but as i implemented the log appender via log4j (via syslog - udp) every time I reboot the (seperate) logging instance of graylog the connection breaks up (which should not happen when using UDP should it). I have to reboot openhab2 too to make it work again - which is not a good productive setup.

Anyone able to help?

This phrase appears to be entirely content free.

Means I receive no more UDP connections from the openhabian system to my graylog instance - thought that is clear. I have no clue where to look up to receive more content.

It the packets are being sent but not received the issue appears to be on the graylog side or the internal Docker networking between the applications then.

The following is a working log4j2.xml config to log to GrayLog directly without going through syslog.

Create the following Socket appender.

                <!-- Gelf appender -->
                <!-- https://logging.apache.org/log4j/2.x/manual/layouts.html#GELFLayout -->

                <Socket name="GRAYLOG" host="10.10.1.111" port="12201" protocol="tcp" immediateFail="true">
                        <GelfLayout host="argus" compressionType="OFF" includeNullDelimiter="true" includeStacktrace="true">
                                <!-- <KeyValuePair key="additionalField1" value="constant value"/>
                                     <KeyValuePair key="additionalField2" value="${ctx:key}"/> -->
                        </GelfLayout>
                </Socket>

Then add GRAYLOG to each logger you want to forward to GrayLog. For example:

                <!-- Karaf Shell logger -->
                <Logger level="OFF" name="org.apache.karaf.shell.support">
                        <AppenderRef ref="STDOUT"/>
                        <AppenderRef ref="GRAYLOG"/>
                </Logger>

For UDP see the URL in the comment above the appender.