Previous Topic: Route Message Queue Audit Messages to Windows Event LogNext Topic: Viewing Your Enterprise Implementation


Route Message Queue Audit Messages to UNIX Syslog

Valid on UNIX

You can configure the Enterprise Management Server to route message queue audit messages to the UNIX syslog. Each time the Enterprise Management Server writes an audit message to the audit log, a corresponding event is sent to the syslog.

To route message queue audit messages to UNIX syslog

  1. Stop the JBoss application server, if running.
  2. Navigate to the following directory, where JBOSS_HOME indicates the directory where you installed JBoss:
    JBOSS_HOME\server\default\conf\
    
  3. Open the jboss-log4j.xml file.
  4. Add an appender named "ENTM_UNIXEventLog" in the class.

    The appender specifies the class to use for auditing and how to display the data.

  5. Specify the logger that the appender binds to as a input channel for the audit messages. Insert the following code before the <root> element of jboss-log4j.xml:
    <logger name="EventLog">
        <appender-ref ref="ENTM_UNIXSysLog"/>
    </logger>
    
  6. Save and close the file.
  7. Open the /etc/syslog.conf file and verify that the syslog routes the messages to the /var/log/messages file.
  8. Open the /etc/sysconfig/syslog parameters file and verify that the remote mode option appears in the following entry:
    SYSLOGD_OPTIONS="-m 0-r"
    
  9. Restart the syslog daemon. Run the following command:
    /etc/rc.d/init.d/syslog restart
    

    The syslog daemon starts.

  10. Start the JBoss application server.

    The Enterprise Management Server will now route message queue audit message to the UNIX syslog

Example: Modify the jboss-log4j.xml file to send message queue audit messages to UNIX SysLog

The following snippet shows the jboss-log4j.xml file after a LogAppender object was created:

<appender name="ENTM_UNIXSysLog"
                        class="org.apache.log4j.net.SyslogAppender">
    <param name="Facility" value="USER"/>
    <param name="FacilityPrinting" value="false"/>
    <param name="SyslogHost" value="localhost"/>
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%p - [CA AC ENTM]: %m%n"/>
    </layout>
</appender>

<logger name="EventLog">
    <appender-ref ref="ENTM_UNIXSysLog"/>
</logger>

In this example, you did the following: