Support Logging setup

                    Java Log4j 2

                    Java Log4j 2 Log Management

                    You can send and manage your Java logs using Log4j 2. We’ll show you how to setup the Log4j2 LogManager to forward these to Syslog, Rsyslog will then forward them to Loggly.

                    We automatically parse out the timestamp, method, fully classified class name, thread, and log level from log4j. The syslog protocol does not support multiline events, so rsyslog will combine them into a single line escaped by octal characters. The advantage of using Rsyslog is that it can send TCP events without blocking your application, can optionally encrypt the data, and even queue data to add robustness to network failure. This guide assumes you use Java Log4j version 2 or higher, the default log configuration and directories. For alternatives, please see the Advanced Options section.

                    Java Log4j2 Log Management Setup

                    1. Configure Syslog Daemon

                    If you haven’t already, run our automatic Configure-Syslog script below to setup rsyslog. Alternatively, you can Manually Configure Rsyslog or Syslog-ng.

                    curl -O
                    sudo bash -a SUBDOMAIN -u USERNAME


                    • SUBDOMAIN: your account subdomain that you created when you signed up for Loggly
                    • USERNAME: your Loggly username

                    2. Configure Syslog Daemon for UDP Input

                    Open rsyslog’s configuration file

                    sudo vim /etc/rsyslog.conf

                    Uncomment these lines to accept UDP messages on the default port 514.

                    $ModLoad imudp
                    $UDPServerRun 514
                    Java Log4j Log

                    Restart the rsyslog service so the changes take effect

                    sudo service rsyslog restart

                    3. Add Log4j2

                    Add Log4j2 dependency from the Maven repository :


                    Then run maven to install

                    mvn clean install

                    Add the following configuration in log4j2.xml

                    The second field in the conversion pattern is the syslog appname, in this case it’s set to java.

                        <Socket name="Loggly" host="localhost" port="514" protocol="UDP">
                            <pattern>${hostName} java %d{yyyy-MM-dd HH:mm:ss,SSS}{GMT} %p %t
                              %c %M - %m%n</pattern>
                        <Root level="INFO">
                          <AppenderRef ref="Loggly" />

                    If you are using an HTTP appender, you do not need to add a host or appname.

                    	<Http name="loggly" url=""> 
                    			<pattern>${hostName} java %d{yyyy-MM-dd HH:mm:ss,SSS}{GMT} %p %t %c %M - %m%n</pattern> 

                    Add Logging Code

                    import org.apache.logging.log4j.LogManager;
                    private final static Logger log = LogManager.getLogger();
          "Hello World from Log4j2!");
          "{"message" : "Hello World from Log4j2"}");

                    4. Verify Events

                    Search Loggly for events with the java log type over the past hour. It may take a few minutes to index the event. If it doesn’t work, see the troubleshooting section below.

                    Java Log4j 2 Log Example

                    5. Next Steps

                    Advanced Java Log4j Log Options


                    • When we setup rsyslog to handle multiline events, they come in with octet values. i.e.





                    So you can use this config to scrub the octet values as below:

                    if re_match($msg,'(#012)') 
                    ? ? set $!ext = re_extract($msg,'(#012)',0,1,"");
                    ? ? set $!msg= replace($msg, $!ext, "n");
                    ? ? set $!msg = $msg;
                    • Java Log4j – You can also send log using Java Log4j
                    • File Monitoring – You can also configure Log4j with a FileAppender, then monitor that file using Rsyslog. This gives you a local backup but doesn’t work well with multiline stacktraces.
                    • CustomAppname– You can set custom appName in Log4j2 using following conversion pattern
                        <pattern>${hostName} CustomAppname %d{yyyy-MM-dd HH:mm:ss,SSS}{GMT} %p %t
                            %c %M - %m%n</pattern>
                    • Syslog4j – The Syslog4j appender can send events up to 64k in size, but it doesn’t seem to follow the layout pattern to enable parsing.
                    • logglylog4j – To send events directly to Loggly over the HTTP/S Event API, supports multiline with proper newline display
                    • Search or post your own log4j examples, configuration, log4j tutorials, or other questions in the community forum.

                    Java Log4j Troubleshooting

                    If you don’t see any data show up in the verification step, then check for these common problems.

                    Check Log4j2:

                    • Wait a few minutes in case indexing needs to catch up
                    • Check syslog log file
                    • Verify Log4j2 is working
                    • Run “sudo tcpdump -i lo -A udp and port 514” to verify UDP events are being sent to localhost

                    Check Your Syslog Daemon:

                    Still Not Working?

                    • Search or post your own questions on Java log4j and Apache log4j in the community forum.
                    Thanks for the feedback! We'll use it to improve our support documentation.