Logging to graylog

Nice. I guess I didn’t read that well. I was tired.

I spent some time with this today and wanted to spit out some of my findings.

You don’t need to feed OH through rsyslog first. You can log directly to graylog server’s syslog input if you like. I didn’t want all the other debian default syslog stuff so instead of modifying how debian syslogs, I just bypassed rsyslog.

If you do use rsyslog, the template is no longer needed as newer rsyslog has it built in:

*.* @graylog.example.org:514;RSYSLOG_SyslogProtocol23Format

Single @ sign if you want to use udp, 2 for tcp.

I also tweaked the appender definition as it was passing through source as localhost and I didn’t care for the message layout. So, if you simply want to take a plain Jane OH on debian and log to graylog on a remote host both root and events:

Change log4j.rootLogger = WARN, out, syslog, osgi:*
Change log4j.logger.smarthome.event = INFO, event, syslog, osgi:*

Append:

# Syslog appender
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=%p: %c{2} - %m%n
log4j.appender.syslog.syslogHost=IP/DNS OF GRAYLOG SERVER
log4J.appender.syslog.facility=local0
log4j.appender.syslog.facilityPrinting=false
log4j.appender.syslog.Header=true

The header=true seemed to be the key for getting the proper hostname passed through to graylog. Otherwise you just get source=localhost.