
Install syslog service

1) Set the yum repo for rsyslog

cat >> /etc/yum.repos.d/syslogall.repo <<'EOF'
[rsyslog_v7]
name=Adiscon CentOS-$releasever - local packages for $basearch
baseurl=http://rpms.adiscon.com/v7-stable/epel-$releasever/$basearch
enabled=1
# gpgcheck=0: package signatures are not verified on install
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1
EOF

2) Install & start the syslog service

yum install rsyslog

service rsyslog start

[eagle@splunk-3873 ~]# rpm -qa | grep rsyslog

rsyslog-7.6.7-1.el6.x86_64

Add eagle log4j config for appending logs to syslog server

log4j.rootLogger=INFO, SYSLOG
log4j.logger.org.apache.eagle.executor.AlertExecutor=DEBUG


# Syslog Appender

log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=splunk-3873.phx01.dev.ebayc3.com
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=%-4r [%t] %-5p %c %x - %m%n
log4j.appender.SYSLOG.Facility=LOCAL0

Add syslog config to filter & store eagle alert log

:msg, !contains, "A new alert is triggered: " ~

local0.* /home/eagle/eagle.alert.log


With the above configuration, the following Eagle log statement will be persisted to the file /home/eagle/eagle.alert.log:

if(LOG.isDebugEnabled()) LOG.debug("A new alert is triggered: "+alertExecutorId + ", partition " + partitionSeq + ", Got an alert with output context: " + entity.getAlertContext() + ", for policy " + evaluator);
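As an added example (not part of the original page or of Eagle), the following Python model applies the two rsyslog rules above, in file order, to constructed syslog datagrams and reports where each one ends up. It assumes the message text is everything after the `<PRI>` field; the sample datagrams and the function names are made up for illustration.

```python
import re

LOCAL0 = 16                              # syslog facility code for local0
MARKER = "A new alert is triggered: "    # string used in the :msg filter
ALERT_FILE = "/home/eagle/eagle.alert.log"
PRI_RE = re.compile(r"<(\d{1,3})>(.*)", re.S)

def parse_pri(datagram):
    """Split a raw syslog datagram into (facility, severity, text)."""
    m = PRI_RE.fullmatch(datagram)
    if not m or int(m.group(1)) > 191:   # 191 = facility 23, severity 7
        raise ValueError("missing or invalid <PRI> field")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, severity, m.group(2)

def route(datagram):
    """Apply the two rules in file order and report what happens."""
    facility, _severity, msg = parse_pri(datagram)
    # Rule 1  :msg, !contains, "A new alert is triggered: " ~
    # Stops processing of any message without the marker, whatever its facility.
    if MARKER not in msg:
        return "discarded"
    # Rule 2  local0.* /home/eagle/eagle.alert.log
    if facility == LOCAL0:
        return ALERT_FILE
    return "passed to later rules"

# Constructed datagrams (not captured traffic); PRI = facility * 8 + severity.
SAMPLES = [
    "<135>1042 [Thread-7] DEBUG org.apache.eagle.executor.AlertExecutor  - "
    "A new alert is triggered: exec1, partition 0, Got an alert ...",   # local0.debug
    "<134>1050 [main] INFO  org.apache.eagle.Example  - started",       # local0.info
    "<86>sshd[311]: session opened for user eagle",                     # authpriv.info
    "<14>test: A new alert is triggered: typed by hand",                # user.info
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{route(s):<30} {s[:60]}")
```

Because rule 1 is not limited to local0, every rule placed after it in rsyslog.conf only ever sees messages that contain the marker string. Rules that appear before it are unaffected.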

 

 

 
