Re: About SYNCOPE-1696

2022-09-30 Thread Andrea Patricelli

You're right! The doc says till ES 7.X.

Thanks for the feedback.

Best regards,
Andrea

On 30/09/22 09:05, Francesco Chicchiriccò wrote:

Hi Andrea,
I agree with you, option (2) looks definitely better, especially 
because, if I am not mistaken, the library [1] does not yet support 
Elasticsearch 8.x, which we are using on the master branch.


Regards.

On 29/09/22 17:14, Andrea Patricelli wrote:

Hi all,

About SYNCOPE-1696 I found this log4j2 appender [1] that seems to be 
a kind of "fork" extension (not mentioned in the official doc), but 
still a quite active project.


Now I see two ways to proceed:

1. Use the library and all its features OOTB. As far as I understood
   this extension "simply" performs HTTP calls to ES to write data and
   allows logging to ES transparently, like

   log.info("Hello, World!");

   .
2. Configure a custom audit appender as the Syslog or Rewrite one,
   which directly uses the ES client to write on Elasticsearch.

Though solution 1 seems to be a good way to proceed, it is not so 
widely used because the most common way to direct logs to ES is to 
use Logstash and Filebeat. But on the other hand it requires only some 
configuration, without writing too much code.


Solution 2 is a bit more "raw" and requires a bit more work, but we 
would use the same ES client instantiated by the extension and have 
more control on the overall solution and maintenance.


I would lean towards solution 2, following the implementation to index 
users, any objs and groups by using a custom appender to place under 
elasticsearch extension, but would like to know your opinion.


Best regards,
Andrea


[1] https://github.com/rfoltyns/log4j2-elasticsearch



--
Andrea Patricelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope



Re: About SYNCOPE-1696

2022-09-30 Thread Francesco Chicchiriccò

Hi Andrea,
I agree with you, option (2) looks definitely better, especially because, if I 
am not mistaken, the library [1] does not yet support Elasticsearch 8.x, which 
we are using on the master branch.

Regards.

On 29/09/22 17:14, Andrea Patricelli wrote:

Hi all,

About SYNCOPE-1696 I found this log4j2 appender [1] that seems to be a kind of 
"fork" extension (not mentioned in the official doc), but still a quite active 
project.

Now I see two ways to proceed:

1. Use the library and all its features OOTB. As far as I understood
   this extension "simply" performs HTTP calls to ES to write data and
   allows logging to ES transparently, like

   log.info("Hello, World!");

   .
2. Configure a custom audit appender as the Syslog or Rewrite one,
   which directly uses the ES client to write on Elasticsearch.

Though solution 1 seems to be a good way to proceed, it is not so widely used 
because the most common way to direct logs to ES is to use Logstash and 
Filebeat. But on the other hand it requires only some configuration, without 
writing too much code.

Solution 2 is a bit more "raw" and requires a bit more work, but we would use 
the same ES client instantiated by the extension and have more control on the overall 
solution and maintenance.

I would lean towards solution 2, following the implementation to index users, any 
objs and groups by using a custom appender to place under elasticsearch 
extension, but would like to know your opinion.

Best regards,
Andrea


[1] https://github.com/rfoltyns/log4j2-elasticsearch


--
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/



About SYNCOPE-1696

2022-09-29 Thread Andrea Patricelli

Hi all,

About SYNCOPE-1696 I found this log4j2 appender [1] that seems to be a 
kind of "fork" extension (not mentioned in the official doc), but still 
a quite active project.


Now I see two ways to proceed:

1. Use the library and all its features OOTB. As far as I understood
   this extension "simply" performs HTTP calls to ES to write data and
   allows logging to ES transparently, like

   log.info("Hello, World!");

   .
2. Configure a custom audit appender as the Syslog or Rewrite one,
   which directly uses the ES client to write on Elasticsearch.

Though solution 1 seems to be a good way to proceed, it is not so widely 
used because the most common way to direct logs to ES is to use Logstash 
and Filebeat. But on the other hand it requires only some configuration, 
without writing too much code.


Solution 2 is a bit more "raw" and requires a bit more work, but we 
would use the same ES client instantiated by the extension and have more 
control on the overall solution and maintenance.


I would lean towards solution 2, following the implementation to index 
users, any objs and groups by using a custom appender to place under 
elasticsearch extension, but would like to know your opinion.


Best regards,
Andrea


[1] https://github.com/rfoltyns/log4j2-elasticsearch

--
Andrea Patricelli

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope