Fluentd and Log4net

Lucas Gazire

unread,

Aug 28, 2015, 4:20:32 PM8/28/15

to Fluentd Google Group

Hi all,

I'm trying to integrate my windows application that uses log4net with fluentd i tried to use this tutorial here:

http://www.tipstuff.org/2014/05/config-log4net-send-log-to-elasticsearch-with-fluentd-and-kibana-realtime-and-centralization-part-2.html

But it seems that something is missing, i configured my cong to received the messages in port 5140 like this as well the message format:

### Listen on port 5140, module in_syslog ###

type syslog

port 5140

bind 0.0.0.0

tag syslog

</source>

### Parsing the events ###

type parser

remove_prefix syslog

format /^(?<thread>[^ ]*) (?<level>[^ ]*) (?<logger>[^ ]*) (?<username>[^ ]*) \[\[(?<message>[^*]*)/

key_name message

</match>

### Write parsed events to ElasticSearch ###

buffer_type file

buffer_path /mnt/ramdisk/log4net.buff

buffer_chunk_limit 4m

buffer_queue_limit 50

flush_interval 3s

type elasticsearch

logstash_format true

logstash_prefix log4net

host localhost

port 9200

</match>

and my log4net applications like this:

</layout>

<root>

<appender-ref ref="UdpAppender"/>

</root>

</appender>

But i can't see anything coming in fluentd at all, at least not in the log files.

Can someone help me?

Kind Regards,

Lucas.

Mr. Fiber

unread,

Aug 28, 2015, 6:41:29 PM8/28/15

to Fluentd Google Group

Please paste td-agent log here first.

Masahiro

--
You received this message because you are subscribed to the Google Groups "Fluentd Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fluentd+u...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Lucas Gazire

unread,

Aug 31, 2015, 7:32:38 AM8/31/15

to Fluentd Google Group

Sorry, i forgot:

[root@brlu2500654 cs]# vim /var/log/td-agent/td-agent.log

type file

path /var/log/td-agent/failed_records

buffer_path /var/log/td-agent/failed_records.*

</secondary>

</match>

type stdout

</match>

type monitor_agent

bind 0.0.0.0

port 24220

</source>

type forward

</source>

type http

port 8888

</source>

type debug_agent

bind 127.0.0.1

port 24230

</source>

type syslog

port 5140

bind 0.0.0.0

tag syslog

with_priority true

</source>

type parser

remove_prefix syslog

format /^(?<thread>[^ ]*) (?<level>[^ ]*) (?<logger>[^ ]*) (?<username>[^ ]*) \[\[(?<message>[^*]*)/

key_name message

</match>

buffer_type file

buffer_path /mnt/ramdisk/log4net.buff

buffer_chunk_limit 4m

buffer_queue_limit 50

flush_interval 3s

type elasticsearch

logstash_format true

logstash_prefix log4net

host localhost

port 9200

</match>

</ROOT>

2015-08-26 18:26:26 -0300 [info]: listening fluent socket on 0.0.0.0:24224

2015-08-26 18:26:26 -0300 [info]: listening dRuby uri="druby://127.0.0.1:24230" object="Engine"

Lucas Gazire

unread,

Aug 31, 2015, 3:58:03 PM8/31/15

to Fluentd Google Group

Now i can see in the log:

2015-08-31 16:53:17 -0300 [info]: listening dRuby uri="druby://127.0.0.1:24230" object="Engine"

2015-08-31 16:54:24 -0300 [warn]: invalid syslog message data="2015-08-31 16:54:24,889 [10] INFO - Info"

2015-08-31 16:54:24 -0300 [warn]: invalid syslog message data="2015-08-31 16:54:24,894 [10] INFO - Info"

2015-08-31 16:54:24 -0300 [warn]: invalid syslog message data="2015-08-31 16:54:24,894 [10] ERROR - Error"

Can someone help me to check what's wrong with my format?

format /^(?<date>^*) (?<thread>[^ ]*) (?<level>^ *) (?<message>^* *)/

Mr. Fiber

unread,

Aug 31, 2015, 4:21:14 PM8/31/15

to Fluentd Google Group

You can use td-agent-ui to check your format interatively.

http://docs.fluentd.org/articles/fluentd-ui

Lucas Gazire

unread,

Sep 1, 2015, 7:51:12 AM9/1/15

to Fluentd Google Group

Great! Thanks

Reply all

Reply to author

Forward