Pushing atlassian-jira-security.log to Syslog but keep writing events to a local file

Daniel Ebers
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 2, 2022

Hi Community,

although I feel this could be a rather special question for log4j it might not hurt to ask if the following is something you have done in your environment successfully...

Basically all is about logging, many details you even can learn from knowledgebase:
https://confluence.atlassian.com/adminjiraserver/logging-and-profiling-938847671.html

In log4j.properties we see the usual configuration that is delivered when Jira is installed for logging security related events to atlassian-jira.log

log4j.appender.securitylog=com.atlassian.jira.logging.JiraHomeAppender
log4j.appender.securitylog.File=atlassian-jira-security.log
log4j.appender.securitylog.MaxFileSize=20480KB
log4j.appender.securitylog.MaxBackupIndex=5
log4j.appender.securitylog.layout=com.atlassian.logging.log4j.NewLineIndentingFilteringPatternLayout
log4j.appender.securitylog.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %t %X{jira.username} %X{jira.request.id} %X{jira.request.assession.id} %X{jira.request.ipaddr} %X{jira.request.url} %m%n

This works, of course, great - this is the default.

The ask now was to deliver the security related events to syslog - which also works using this configuration:

log4j.appender.securitylog=org.apache.log4j.net.SyslogAppender
log4j.appender.securitylog.syslogHost=127.0.0.1
log4j.appender.securitylog.layout=org.apache.log4j.EnhancedPatternLayout
log4j.appender.securitylog.layout.ConversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSSZ} %t %X{jira.username} %X{jira.request.id} %X{jira.request.assession.id} %X{jira.request.ipaddr} %X{jira.request.url} %m%n
log4j.appender.securitylog.Facility=LOCAL0

 

However, I seem to be totally stuck when the ask is to combine both .. having security related information in both locations:

  • syslog

    AND

  • atlassian-jira-security.log

In case there is an easy way to achieve that goal I would be very happy, from what I found out the appender (securitylog) must be unique. It is not capable of delivering events to both destinations, syslog and file at the same time unless I am missing a point?

Cheers,
Daniel

 

2 answers

0 votes
Andrew Laden
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
March 7, 2023

Looking outside of jira's logging, there are ways to take a log file and forward it to syslog.

Using the logger command with some scripting.

Or using the test logfile input of rsyslogd or similar for syslog-ng

https://serverfault.com/questions/547938/linux-how-to-send-new-lines-in-log-files-to-remote-syslog

0 votes
Stéphane PINARD March 4, 2023

Hello I've the same needs but i can't succeed.

Suggest an answer

Log in or Sign up to answer