
For more information, read about Devo tags.

Event types and formats

Access logs (access_log.yyyy-MM-dd)

JBoss v7 access log files are identical to those of the Apache Tomcat application server but you can control the actual event content in terms of format and fields included. 

The access log is not enabled by default, so you need to edit the urn:jboss:domain:web:1.1 subsystem in the standalone/configuration/standalone.xml file to add the access-log definition, as in this example:

JBoss 7.x access-log configuration:

Code Block
<subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
    <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
    <virtual-server name="default-host" enable-welcome-root="true">
        <alias name="localhost"/>
        <access-log rotate="false" prefix="access_log.txt" pattern="combined">
            <directory path="." relative-to="jboss.server.log.dir"/>
        </access-log>
    </virtual-server>
</subsystem>

Devo supports three formats for access logs; two of them are based upon standard formats and the other is defined by Devo to offer a format that contains more details. Each of these formats corresponds with the third level of an access log tag.

  • The log format that corresponds to the web.jboss.accessClf tag is based on the Common Log Format (CLF). The specification of this format is either the explicit pattern or its alias:

    Code Block
    pattern="%h %l %u %t &quot;%r&quot; %s %b"
    pattern="common"
    
  • The log format that corresponds to the web.jboss.accessCombined tag is based on the NCSA Combined log format. The specification of this format is either the explicit pattern or its alias:

    Code Block
    pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;"
    pattern="combined"
    
  • The log format that corresponds to the web.jboss.accessLt tag is a custom format defined by Devo to offer more detailed logging. The specification of this format that includes cookie names is:

    Code Block
    pattern="%t %a %l %u %S %v:%p %m &quot;%U%q&quot; %H &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{cookieName1}c:%{cookieName2}c&quot; %s %D %B %I"

    However, if you prefer not to include cookie names in your events, use this specification instead. 

    Code Block
    pattern="%t %a %l %u %S %v:%p %m &quot;%U%q&quot; %H &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;&quot; %s %D %B %I"
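
When the pattern JBoss writes and the tag assigned to the file disagree, events do not parse into the expected fields. The following added example (not part of the Devo documentation) classifies constructed sample lines against the three patterns above; the regular expressions and field names are assumptions made for illustration, not Devo's parser.

```python
import re

TS = r"\[[^\]]+\]"  # %t, e.g. [10/Oct/2023:13:55:36 +0200]
# %h %l %u %t "%r" %s %b  (the "common" pattern)
CLF = (rf'(?P<src>\S+) \S+ (?P<user>\S+) {TS} "(?P<request>[^"]*)" '
       r'(?P<status>\d{3}) (?P<size>\d+|-)')
FORMATS = [
    ("web.jboss.accessClf", re.compile(CLF)),
    # "combined" = common plus quoted Referer and User-Agent
    ("web.jboss.accessCombined",
     re.compile(CLF + r' "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')),
    # %t %a %l %u %S %v:%p %m "%U%q" %H "referer" "agent" "cookies" %s %D %B %I
    ("web.jboss.accessLt", re.compile(
        rf'{TS} (?P<src>\S+) \S+ (?P<user>\S+) (?P<session>\S+) '
        r'(?P<vhost>[^\s:]+):(?P<port>\d+) (?P<method>[A-Z]+) "(?P<url>[^"]*)" '
        r'(?P<protocol>\S+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
        r'"(?P<cookies>[^"]*)" (?P<status>\d{3}) (?P<millis>\d+) '
        r'(?P<size>\d+) (?P<thread>.+)')),
]

def classify(line):
    """Return (tag, fields) for the format the whole line matches, else (None, {})."""
    for tag, rx in FORMATS:
        m = rx.fullmatch(line.strip())
        if m:
            return tag, m.groupdict()
    return None, {}

def check_file_tag(lines, configured_tag):
    """Return the lines that do not match the format of the configured tag."""
    return [l for l in lines if classify(l)[0] != configured_tag]

# Constructed sample lines (documentation address range, made-up hosts).
SAMPLES = [
    '192.0.2.10 - - [10/Oct/2023:13:55:36 +0200] "GET /index.html HTTP/1.1" 200 2326',
    '192.0.2.10 - alice [10/Oct/2023:13:55:37 +0200] "POST /login HTTP/1.1" 302 - '
    '"http://app.example.test/" "Mozilla/5.0"',
    '[10/Oct/2023:13:55:38 +0200] 192.0.2.10 - alice 5F2A9C app.example.test:8080 '
    'GET "/cart?id=7" HTTP/1.1 "-" "Mozilla/5.0" "" 200 12 2326 http--127.0.0.1-8080-1',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(classify(line)[0])
```

Running `check_file_tag` over the first lines of a new access log, with the tag you plan to use, shows a pattern/tag mismatch before any events are sent.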

Server.log and boot.log

For general information about these log files and their default directories, see the WildFly Documentation.

You should review the configuration for the generation of boot.log and modify it as needed. Ensure that it is generated using the default PATTERN formatter and that it is written in append mode. The configuration file is usually found in standalone/configuration/logging.properties or domain/configuration/logging.properties, depending on whether the server is started in standalone server or managed domain mode. The lines below are the ones you should review and edit as needed.

boot.log JBoss 7.x configuration:

Code Block
# File handler configuration
handler.FILE=org.jboss.logmanager.handlers.FileHandler
handler.FILE.level=DEBUG
handler.FILE.properties=autoFlush,append,fileName
handler.FILE.autoFlush=true
handler.FILE.append=true
handler.FILE.fileName=${org.jboss.boot.log.file:boot.log}
handler.FILE.formatter=PATTERN

...

These are the fields displayed in these tables:

web.jboss.accessClf

Field          | Type      | Source field name | Extra fields
eventdate      | timestamp |                   |
environment    | str       | venv              |
application    | str       | vapp              |
clon           | str       | vclon             |
serverdate     | timestamp |                   |
srcIp          | ip4       |                   |
user           | str       |                   |
method         | str       |                   |
url            | str       |                   |
protocol       | str       |                   |
statusCode     | int4      |                   |
responseLength | int4      |                   |
srcIdentd      | str       |                   |
hostchain      | str       |                   |
tag            | str       |                   |
rawMessage     | str       |                   |

...

You can read more about using rsyslog to monitor and send files to a Devo endpoint here. These are the different aspects to consider:


/etc/rsyslog.d/45-jboss.conf file: Here we offer a sample rsyslog configuration file that is set up to monitor the server and boot logs and one access log, and forward them to a Devo Relay.

Code Block
$template jboss,"<%PRI%>%timegenerated% %HOSTNAME% %syslogtag% %msg%"
 
# File server.log
$InputFileName JBOSS_PATH/standalone/log/server.log
$InputFileTag web.jboss.server.ENV.APP.CLON:
$InputFileStateFile stat-jboss-server1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 1
$InputFilePersistStateInterval 1
$InputRunFileMonitor
 
# File boot.log
$InputFileName JBOSS_PATH/standalone/log/boot.log
$InputFileTag web.jboss.boot.ENV.APP.CLON:
$InputFileStateFile stat-jboss-boot1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 1
$InputFilePersistStateInterval 1
$InputRunFileMonitor
 
# File access log
$InputFileName JBOSS_PATH/standalone/log/access_log.txt
$InputFileTag web.jboss.access-combined.ENV.APP.CLON:
$InputFileStateFile stat-jboss-accessCombined1
$InputFileSeverity info
$InputFileFacility local7
$InputFilePollInterval 1
$InputFilePersistStateInterval 1
$InputRunFileMonitor
 
# SSL config for DEVO cloud
#$DefaultNetstreamDriver gtls # use gtls netstream driver
#$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.crt
#$DefaultNetstreamDriverCertFile /etc/rsyslog.d/user.crt
#$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/user.key
#$ActionSendStreamDriverMode 1 # require TLS for the connection
#$ActionSendStreamDriverAuthMode x509/name
#$ActionSendStreamDriverPermittedPeer collector
 
if $syslogtag contains 'web.jboss.' and $syslogfacility-text == 'local7' then @@DEVO-RELAY:PORT;jboss
:syslogtag, contains, "web.jboss." ~

Note the following placeholders and other values in the sample file above that you can or must modify:

  • JBOSS_PATH should be the absolute path where your JBoss log files reside. 

  • Replace ENV.APP.CLON with the values that represent the source environment, application, and instance.

  • In this example, the access log uses the accessCombined tag. You should specify the tag that corresponds to the format you have elected to use.

  • Replace DEVO-RELAY and PORT with the IP address and port of your Devo Relay.

  • You can uncomment the SSL section of the file to send the events directly to the Devo Cloud. In this case, you should replace DEVO-RELAY and PORT with the hostname of your Devo domain and port 443. 

  • Make sure that the file you are sending and the directory where it resides can be read by the user running rsyslog. If not, you can assign the necessary permissions by changing the file group to syslog:

    Code Block
    chown :syslog /opt/jboss/standalone/log /opt/jboss/standalone/log/*
    chmod 750 /opt/jboss/standalone/log
    chmod 640 /opt/jboss/standalone/log/*

/etc/logrotate.d/jboss.conf: To configure file rotation, you can use the logrotate utility. The following is an example of how jboss.conf might be set up.

Code Block
/opt/jboss/standalone/log/server.log /opt/jboss/standalone/log/boot.log /opt/jboss/standalone/log/access_log.txt
{
    rotate 14
    daily
    copytruncate
    missingok
    notifempty
    delaycompress
    compress
    sharedscripts
    lastaction
        service rsyslog stop
        rm -f /var/spool/rsyslog/stat-jboss-*
        service rsyslog start
    endscript
}

Restart rsyslog process: When you have made all the configuration changes necessary, don't forget to restart the rsyslog process:

Code Block
/etc/init.d/rsyslog restart
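
Before restarting, the placeholder and TLS notes above can be checked mechanically. This added example (not part of the Devo documentation) lints a 45-jboss.conf style file for unreplaced placeholders, reused state files, and forwarding to port 443 while the SSL section is still commented out; the function name and the constructed sample configuration are assumptions.

```python
import re
from collections import Counter

PLACEHOLDERS = ("JBOSS_PATH", "ENV.APP.CLON", "DEVO-RELAY", "PORT")

def lint_rsyslog_conf(text):
    """Return findings for a legacy-syntax imfile config like 45-jboss.conf."""
    # Only uncommented, non-empty lines take effect.
    active = [l.strip() for l in text.splitlines()
              if l.strip() and not l.lstrip().startswith("#")]
    findings = []
    for ph in PLACEHOLDERS:
        rx = re.compile(r"(?<![\w-])" + re.escape(ph) + r"(?![\w-])")
        if any(rx.search(l) for l in active):
            findings.append(f"placeholder {ph} not replaced")
    # Each monitored file needs its own state file and a closing $InputRunFileMonitor.
    states = Counter(l.split()[1] for l in active
                     if l.startswith("$InputFileStateFile") and len(l.split()) > 1)
    findings += [f"state file {s} reused" for s, n in states.items() if n > 1]
    names = sum(l.startswith("$InputFileName") for l in active)
    runs = sum(l.startswith("$InputRunFileMonitor") for l in active)
    if names != runs:
        findings.append(f"{names} $InputFileName but {runs} $InputRunFileMonitor")
    # Port 443 is the direct-to-cloud case, which needs the SSL section uncommented.
    tls_on = any(re.match(r"\$ActionSendStreamDriverMode\s+1\b", l) for l in active)
    for l in active:
        m = re.search(r"then\s+@@?([^:;\s]+):(\w+)", l)
        if m and m.group(2) == "443" and not tls_on:
            findings.append(f"forwarding to {m.group(1)}:443 without TLS enabled")
    return findings

# Constructed sample with three deliberate mistakes (host name is made up).
SAMPLE = """\
$InputFileName /opt/jboss/standalone/log/server.log
$InputFileTag web.jboss.server.ENV.APP.CLON:
$InputFileStateFile stat-jboss-server1
$InputRunFileMonitor
$InputFileName /opt/jboss/standalone/log/boot.log
$InputFileTag web.jboss.boot.prod.shop.node1:
$InputFileStateFile stat-jboss-server1
$InputRunFileMonitor
#$ActionSendStreamDriverMode 1 # require TLS for the connection
if $syslogtag contains 'web.jboss.' then @@collector.example.test:443;jboss
"""

if __name__ == "__main__":
    for finding in lint_rsyslog_conf(SAMPLE):
        print(finding)
```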