Trying to work around what appear to be log4j shortcomings: our app is using
log4j which (1) dumps to local file and also uses syslog appender to send to
rsyslog for proper processing. The problem is that log4j only appears to
support UDP (no TCP and no domain sockets) which results in log entries > 1024
bytes getting broken up.
The easiest way to handle this - without getting developers involved - is to
have rsyslog simply monitor the files to which log4j dumps and forego log4j's
syslog appender altogether. I'm looking into the imfile solution, but
documentation suggests that it's more geared to turning non-log files into
proper syslog logfile entries (provides default severity, facility, etc...).
In my case, these are already legitimate log messages that I just need rsyslog
to grab and forward to my central loghost so that large messages don't get
broken up. Will imfile do this for me or is there a better way if I want to
get log messages that do not go through network or unix socket?
Appreciate the guidance.
todd
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com
