Install syslog service
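1) Set up the yum repo for rsyslog
cat >> /etc/yum.repos.d/syslogall.repo <<'EOF'
[rsyslog_v7]
name=Adiscon CentOS-$releasever - local packages for $basearch
baseurl=http://rpms.adiscon.com/v7-stable/epel-$releasever/$basearch
enabled=1
gpgcheck=0
gpgkey=http://rpms.adiscon.com/RPM-GPG-KEY-Adiscon
protect=1
EOF
Note: with gpgcheck=0, yum does not verify package signatures and the gpgkey line is unused; set gpgcheck=1 to verify packages against that key.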
2) Install & start the syslog service
yum install rsyslog
service rsyslog start
[eagle@splunk-3873 ~]# rpm -qa | grep rsyslog
rsyslog-7.6.7-1.el6.x86_64
Add eagle log4j config for appending logs to syslog server
log4j.rootLogger=INFO
log4j.logger.org.apache.eagle.executor.AlertExecutor=DEBUG,SYSLOG
# Syslog Appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=<syslog_server_hostname>
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.conversionPattern=%-4r [%t] %-5p %c %x - %m%n
log4j.appender.SYSLOG.Facility=LOCAL0
Add syslog config to filter & store eagle alert log
:msg, !contains, "A new alert is triggered: " ~
local0.* /home/eagle/eagle.alert.log
With the above configuration in place, the following eagle log statement is persisted to the file /home/eagle/eagle.alert.log:
if(LOG.isDebugEnabled()) LOG.debug("A new alert is triggered: "+alertExecutorId + ", partition " + partitionSeq + ", Got an alert with output context: " + entity.getAlertContext() + ", for policy " + evaluator);
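To check the filter chain before relying on it, the following added example (not part of the original page or of Eagle) builds datagrams shaped like log4j SyslogAppender output with its default settings and applies the two rsyslog rules to them in order. The function names, the sample log lines and the UDP port 514 target are assumptions, and msg matching is simplified to the text after the PRI field.

```python
import re
import socket

LOCAL0 = 16  # syslog facility code; matches log4j.appender.SYSLOG.Facility
# Syslog severities that log4j 1.x levels map to.
SEVERITY = {"FATAL": 0, "ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}
ALERT_MARKER = "A new alert is triggered: "  # string the rsyslog filter keys on

def build_datagram(level, text, facility=LOCAL0):
    """Payload shaped like SyslogAppender output: <PRI> followed by the text."""
    return f"<{facility * 8 + SEVERITY[level]}>{text}".encode("utf-8")

def parse_pri(datagram):
    """Split a datagram into (facility, severity, msg)."""
    m = re.match(rb"<(\d{1,3})>(.*)", datagram, re.DOTALL)
    if m is None:
        raise ValueError("missing <PRI> prefix")
    pri = int(m.group(1))
    return pri >> 3, pri & 7, m.group(2).decode("utf-8", "replace")

def would_persist(datagram):
    """Apply the page's two rules in order (simplified: msg = text after PRI)."""
    facility, _severity, msg = parse_pri(datagram)
    if ALERT_MARKER not in msg:  # :msg, !contains, "..." ~  -> discard
        return False
    return facility == LOCAL0    # local0.* /home/eagle/eagle.alert.log

def send_test(host, level, text, port=514):
    """Send one test datagram over UDP (assumes rsyslog accepts UDP on port)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(build_datagram(level, text), (host, port))

# Constructed sample lines in the shape of the page's conversionPattern.
SAMPLES = [
    ("DEBUG", "1042 [Thread-3] DEBUG org.apache.eagle.executor.AlertExecutor  - "
              "A new alert is triggered: executor-1, partition 0"),
    ("DEBUG", "1050 [Thread-3] DEBUG org.apache.eagle.executor.AlertExecutor  - "
              "policy evaluated, no match"),
]

if __name__ == "__main__":
    for level, text in SAMPLES:
        d = build_datagram(level, text)
        print(d[:5], "persisted" if would_persist(d) else "discarded")
```

Calling send_test with the syslog server's hostname and the first sample should produce one new line in /home/eagle/eagle.alert.log; the second sample should produce none.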