Configure JBoss EAP SyslogHandler to use TCP

Solution Unverified - Updated -

Environment

  • RedHat JBoss Enterprise Application Platform (EAP)
    • 6.x

Issue

  • It looks like the JBoss SyslogHandler has support for TCP, but I can't see how to configure it. How can I do this?

Resolution

  • While the ability to use TCP in the SyslogHandler has in fact been added to EAP 6.2, the ability to configure this directly in the CLI/web console has not been added.

  • That said, you can configure the SyslogHandler with TCP if you configure it as a custom-handler. Because the custom configuration can be admittedly brittle, here's a sample configuration:

    <custom-handler name="SYSLOG" class="org.jboss.logmanager.handlers.SyslogHandler" module="org.jboss.logmanager">
        <encoding value="ISO-8859-1"/>
        <formatter>
            <pattern-formatter pattern="%-5p [%c] (%t) %s%E%n"/>
        </formatter>
        <properties>
          <property name="appName" value="JBossEAP"/>
          <property name="facility" value="LOCAL_USE_5"/>
          <property name="serverHostname" value="localhost"/>
          <property name="hostname" value="-"/>
          <property name="port" value="1119"/>
          <property name="syslogType" value="RFC5424"/>
          <property name="protocol" value="TCP"/>
          <property name="messageDelimiter" value="-"/>
          <property name="useMessageDelimiter" value="true"/>
        </properties>
    </custom-handler>

Notes:

  • Encoding is set to ISO-8859-1 to avoid the UTF-8 BOM being added to the messages per spec 1
  • The date is removete from the standard pattern-formatter since the date is already part of the syslog spec message
  • The message delimiter should probably be changed. The default value of "\n" will literally add "\n" to the message, i.e. it won't actually add a newline character.
  • Most syslog implementations expect to see a linefeed as the delimiter. Since we need to use XML escaping, that would be configured as:
<property name="messageDelimiter" value="&#10;"/>

  1. http://tools.ietf.org/html/rfc5424#appendix-A.8: "If the syslog application has a good indication that the content of the message is encoded in UTF-8, then it should include the BOM." 

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.