By default Tomcat does not log to syslog. Due to various reasons I was going to configure Tomcat to log via syslogd on localhost, which would then forward logs to central loghost. This was all done on servers running RHEL 5 and Tomcat 5.5.

To do this I used log4j:

root@ultra:~# cd /var/lib/tomcat5/common/lib
root@ultra:~# ln -s /usr/share/java/log4j.jar log4j.jar
root@ultra:~# ln -s /usr/share/java/commons-logging.jar commons-logging.jar

Then I dropped pretty bare log4j.properties to /var/lib/tomcat5/common/classes:

log4j.rootLogger=INFO, SYSLOG
log4j.logger.org.apache.catalina=INFO, SYSLOG
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=localhost
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=%p: %m
log4j.appender.SYSLOG.Facility=LOCAL1

Then I modified /etc/syslog.conf and added

local1.*                                                @syslog1.example.com
local1.*                                                @syslog2.example.com

…and also appended the following line in syslog.conf with local1.none so Tomcat logs do not end up in /var/log/messages:

*.info;mail.none;authpriv.none;cron.none;local1.none      /var/log/messages

Then restarted syslog with -r option to accept logging from network, restarted Tomcat, and… nothing happened. After tripple checking everything and pouring over syslogd man page I found out what I had forgotten. That is, syslogd by default will not forward logs received from network to another log host unless it is started with -h option. This is to avoid logging loops.

I did not like all the extra syslogd options enabled, so I decided to configure Tomcat to log directly to the loghosts. This way I could skip the whole syslog configuration and the entire setup would be cleaner anyway. Below is the barebone log4j.properties file that should work:

log4j.rootLogger=INFO, SYSLOG1, SYSLOG2
log4j.logger.org.apache.catalina=INFO, SYSLOG1, SYSLOG2
log4j.appender.SYSLOG1=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG1.syslogHost=syslog1.example.com
log4j.appender.SYSLOG1.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG1.layout.ConversionPattern=%p: %m
log4j.appender.SYSLOG1.Facility=LOCAL1
log4j.appender.SYSLOG1.threshold=WARN
log4j.appender.SYSLOG2=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG2.syslogHost=syslog2.example.com
log4j.appender.SYSLOG2.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG2.layout.ConversionPattern=%p: %m
log4j.appender.SYSLOG2.Facility=LOCAL1
log4j.appender.SYSLOG2.threshold=WARN

Point of this post: Everything is in man pages, of course.