AuM
I'm new here

Adjust the fs-server.log format

Hey there,

do you know if there's a possibility to adjust the fs-server.log format? Especially I'm interested in adding the execution ID for schedule entry related log events to allow a better automatic processing of the fs-server.log via Splunk / ELK / etc.

Currently the log format is like: INFO  07.10.2015 13:07:06.966 {pID=11,uID=0,seID=1234,g-node=1640}... and I've noticed that the seID is the same as the scheduleEntry Id, if a log event is related to a schedule entry. Sadly that doesn't allow aggregation of all log events for schedule entries that are executed in parallel. I already tried adding additional parameters to the log4j MDC, but those aren't included in the logfiles.

P.S. I'm aware that there are also log/schedule/* logfiles, but due to size, complexity and performance reasons I don't want to parse those logfiles too.

Thanks for your input,

Martin

0 Kudos
4 Replies
marza
I'm new here

Hey Martin,

you can modify the FirstSpirit logging by means of Log4J (configuration files are also located at <server_root>/conf(fs-logging.*.conf) at your own risk (please consult the official Log4J documentation at https://logging.apache.org/log4j/1.2/manual.html😞

logging_config.png

If the onboard possibilies are not suffient then you can provide own appenders by adding jar files to <server_root>/shared/lib.

I have not test this but on github you can find this:

https://github.com/damiendallimore/SplunkJavaLogging

Or without a foreign library by means of log4j you can to this according to the splunk people:

https://answers.splunk.com/answers/5133/log4j-socket-appender-and-splunk.html#answer-5158

The (network) socket appender mentioned above can be tested with Log4Js chainsaw tool:

https://logging.apache.org/chainsaw/

I did that in the past with a lot of Java projects myself when I want to filter log events in real time (instead of opening a log file).

Personally I like the idea to add an own Log4J appender definition and add it to the root category. So you would leave the FirstSpirit logging facility (fs-appender) untouched. Then you specify what kind of format the appender might have and where it puts the data (may it a file, network, database or email).

Regards

Marian

Hallo Marian,

danke für die Antwort!

Mir ist klar, dass ich mit Log4J Bordmitteln einiges am Format machen kann und sogar über SocketAppender & Co auch direkt die Logs in Richtung Logstash, Splunk und Co streamen kann.

Mir ist jedoch nicht klar, wie ich im Appender für ein Log-Event die Ausführungs-Id des zugehörigen Auftrags herausbekommen kann. Soll ich am Start des Auftrags eine MDC Variable mit dieser ID setzen oder bietet mir FS was im Standard? Hast Du da eine Idee?

Eine Erweiterung des FSAppender Formats ist nicht möglich?

Gruß und Danke!

0 Kudos

Hallo Martin,

ich denke MDC wäre auch für mich der Weg der Wahl. Im Moment wüsste ich auch nichts besseres.

Grüße Marian

0 Kudos
MichaelaReydt
Community Manager

Hallo Martin,

ist dieses Posting noch aktuell? Benötigst du noch weitere Hilfe oder haben dir Marians Antworten bereits weiter geholfen?

Viele Grüße

Michaela

0 Kudos