Log4cplus: SocketAppender logging server

Question

I wish to better understand the way the Log4cplus SocketAppender works with regard to the logging server that recieves this appender events.

I read the Log4cplus src code for loggingserver and socketappender and I will be glad to be clarified:

Can the SocketAppender only send events to the Log4cplus logging server, and not to any other server? and if this is the case: does it mean that if I want to send log messages to remote machine, that machine must be installed with the Log4cplus lib?

I would also like to know- does this Log4cplus logging-server run as a service? and does it require special configuration and pre-setup in order to use it?

Answer 1

Can the SocketAppender only send events to the Log4cplus logging server, and not to any other server?

Yes and yes.

does it mean that if I want to send log messages to remote machine, that machine must be installed with the Log4cplus lib?

Well, sort of. If you want to use only SocketAppender, you will have to use the logging server. You could also use SysLogAppender and send to remote server using that. Obviously, you have to have syslog service and allow receiving from network in it. You could also write your own custom appender that sends the events to whatever server you desire.

I would also like to know- does this Log4cplus logging-server run as a service?

No, it is a simple executable that listens on a socket.

and does it require special configuration and pre-setup in order to use it?

It requires configuration file so that it knows where to log the events.

Answer 2

I just wanted to share how I used SocketAppender (this setup also works for docker containers being in the same network).

/usr/share/elasticsearch/config/log4j2.properties

status = error

appender.console.type = Console
appender.console.name = console
appender.console.layout.type = PatternLayout
appender.console.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

appender.socket.type=Socket
appender.socket.name=socket
appender.socket.port=601
appender.socket.host=api
appender.socket.reconnectDelayMillis=10000
appender.socket.layout.type = PatternLayout
appender.socket.layout.pattern = [%d{ISO8601}][%-5p][%-25c{1.}] %marker%m%n

rootLogger.level = info
rootLogger.appenderRef.console.ref = console
rootLogger.appenderRef.socket.ref = socket

in the second container I used syslog-ng:

• apk add syslog-ng
• vi /etc/syslog-ng/syslog-ng.conf
• syslog-ng -f /etc/syslog-ng/syslog-ng.conf

/etc/syslog-ng/syslog-ng.conf

@version: 3.13

source s_network {
    network(
        transport(tcp)
        port(601)
    );
};

log {
    source(s_network);
    destination(d_network);
};

destination d_network {
    file("/var/log/es_slowlog.log", template("${MSGHDR}${MESSAGE}\n"));
};

Notice that the @version: has to correspond to your version of syslog-ng. You can check it by invoking syslog-ng -V.