Sending OpenNMS Logs to Graylog

From OpenNMS
Jump to: navigation, search
Tested for Versions
The instructions in this article have been tested against the following versions of OpenNMS.
Tested Against:
Version 17.1.1 tested by Wakeaney
Version 21.0.1 tested by fuhrmann

Graylog is an Open Source log aggregation and search platform built on MongoDB and Elasticsearch. Shipping OpenNMS logs to Graylog makes archiving, searching, and correlating them much easier and more user friendly than grepping from the command line.

The configuration below is the only part which is needed on OpenNMS side.

Configure Log4j2

Add a Socket appender to your log4j2.xml, and configure it to use GelfLayout:

<!--
This section specifies how log messages are directed to log files.  The below indicates
the log messages are sent to files of the form logs/${prefix}.log.  Each message is placed in
a log file corresponding to its MDC prefix.  This happens even if the prefix is not specified
above.
It is possible to add additional appenders to this section while debugging if you would
like messages to be logged in some other way.  See http://logging.apache.org/log4j/2.x/ for details.
-->
<appenders>
  <Socket name="Graylog_[HOSTNAME]" protocol="udp" host="[HOSTNAME]" port="12201">
    <GelfLayout host="${hostName}" compressionType="GZIP" compressionThreshold="1024">
      <KeyValuePair key="jvm" value="${java:vm}" />
      <KeyValuePair key="application_name" value="opennms" />
    </GelfLayout>
  </Socket>

After the DynamicThresholdFilter, add a reference to your Graylog2 appender:

</DynamicThresholdFilter>

<appender-ref ref="RoutingAppender"/>
<appender-ref ref="Graylog_[HOSTNAME]" />

Your log messages should show up in Graylog2 after the configured monitorInterval in log4j2.xml has elapsed (default 60 seconds).

Build a Graylog2 service stack with Docker

A more detailed tutorial how to setup a Graylog stack can be found here: https://blog.no42.org/blog/centralized-logging-with-graylog2