configuring WL to send syslog

sunhux
sunhux used Ask the Experts™
on
We're configuring our Solaris Weblogic to send via syslog
to Qradar log collector & vendor gave us the steps below:
however, I don't see anywhere in the steps below indicating
IP of the log collector (ie syslog server) & I think some steps
are missing.  Can anyone enhance it & add on any missing
steps/inaccuracies?

1.1      WebLogic 12.1.3.0
===================
Enable configuration auditing by one of these methods:
•      Use the Administration Console. Select the Configuration > General page for your domain and set the Configuration Audit Type. See "Enable configuration auditing" in the Oracle WebLogic Server Administration Console Help.
•      When you start the Administration Server, include one of the following Java options in the weblogic.Server command:
•      -Dweblogic.domain.ConfigurationAuditType="audit"
Causes the domain to emit Audit Events only.
•      -Dweblogic.domain.ConfigurationAuditType="log"
Causes the domain to write configuration auditing messages to the Administration Server log file only.
•      -Dweblogic.domain.ConfigurationAuditType="logaudit"
Causes the domain to emit Audit Events and write configuration auditing messages to the Administration Server log file.
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi,

Include the  following log4j.properties in your managed server classpath:

log4j.rootLogger=DEBUG,syslog

log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.syslog.Threshold=DEBUG
log4j.appender.syslog.Facility=LOCAL7
log4j.appender.syslog.FacilityPrinting=false
log4j.appender.syslog.Header=true
log4j.appender.syslog.SyslogHost=localhost
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout
log4j.appender.syslog.layout.ConversionPattern=[%p] %c:%L - %m%n 

Open in new window


Add the following to the managed server arguments:

-Dlog4j.configuration=file :<path to log4j properties file> -Dorg.apache.commons.logging.Log=org.apache.commons.logging.impl.Log4JLogger -Dweblogic.log.Log4jLoggingEnabled=true 

Open in new window


Then add llog4j.jar and llog4j-x.x.xx.jar to the domain's lib folder

Change the logged information in the Admin console:

your_domain --> Configuration --> Logging --> Advanced options --> Logging implementation: Log4J

Restart the managed server.

Change rsyslog.conf and uncomment the following properties:

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

Open in new window

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial