By default Tomcat does not log to syslog. Due to various reasons I was going to configure Tomcat to log via syslogd on localhost, which would then forward logs to central loghost. This was all done on servers running RHEL 5 and Tomcat 5.5.
To do this I used log4j:
root@ultra:~# cd /var/lib/tomcat5/common/lib root@ultra:~# ln -s /usr/share/java/log4j.jar log4j.jar root@ultra:~# ln -s /usr/share/java/commons-logging.jar commons-logging.jar
Then I dropped pretty bare log4j.properties to /var/lib/tomcat5/common/classes:
log4j.rootLogger=INFO, SYSLOG log4j.logger.org.apache.catalina=INFO, SYSLOG log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.syslogHost=localhost log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG.layout.ConversionPattern=%p: %m log4j.appender.SYSLOG.Facility=LOCAL1
Then I modified /etc/syslog.conf and added
local1.* @syslog1.example.com local1.* @syslog2.example.com
…and also appended the following line in syslog.conf with local1.none so Tomcat logs do not end up in /var/log/messages:
Then restarted syslog with -r option to accept logging from network, restarted Tomcat, and… nothing happened. After tripple checking everything and pouring over syslogd man page I found out what I had forgotten. That is, syslogd by default will not forward logs received from network to another log host unless it is started with -h option. This is to avoid logging loops.
I did not like all the extra syslogd options enabled, so I decided to configure Tomcat to log directly to the loghosts. This way I could skip the whole syslog configuration and the entire setup would be cleaner anyway. Below is the barebone log4j.properties file that should work:
log4j.rootLogger=INFO, SYSLOG1, SYSLOG2 log4j.logger.org.apache.catalina=INFO, SYSLOG1, SYSLOG2 log4j.appender.SYSLOG1=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG1.syslogHost=syslog1.example.com log4j.appender.SYSLOG1.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG1.layout.ConversionPattern=%p: %m log4j.appender.SYSLOG1.Facility=LOCAL1 log4j.appender.SYSLOG1.threshold=WARN log4j.appender.SYSLOG2=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG2.syslogHost=syslog2.example.com log4j.appender.SYSLOG2.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG2.layout.ConversionPattern=%p: %m log4j.appender.SYSLOG2.Facility=LOCAL1 log4j.appender.SYSLOG2.threshold=WARN
Point of this post: Everything is in man pages, of course.