Centralize logging or auditing using syslog Skip Navigation

Centralize logging or auditing using syslog

You can configure the
BlackBerry 2FA
server so that it writes its log files, its audit files, or both to a centralized syslog server instead of local files.
This task demonstrates one way to centralize logging. For more information about how to configure logging, visit http://logging.apache.org/log4j/2.x/ to read the
Apache log4j
2 User’s Guide
.
  1. Browse to the
    <install_dir>
    \bb2fa-config
    folder.
  2. Back up the log4j.properties file.
  3. Open the log4j.properties file in a text editor.
  4. To send log messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.rootLogger
      to one of the following:
      • To write log messages only to a syslog server,
        ALL, syslog
      • To write log messages locally and to a syslog server,
        ALL, logfile, syslog
    2. Add the following lines:
      log4j.appender.syslog=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.Threshold=INFO log4j.appender.SYSLOG.syslogHost=<hostname>:<port> log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG.layout.ConversionPattern=[%-5p] %c - %m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
      to the host name and port of your syslog server.
    4. Optionally, to remove local logging, delete the following lines:
      # Log file output log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n log4j.appender.logfile.datePattern='.'yyyy-MM-dd log4j.appender.logfile.Threshold = INFO log4j.appender.logfile.append=true log4j.appender.logfile.File=logs/bb2fa.log
  5. To send audit messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.logger.auditLogger
      to one of the following:
      • To write audit messages only to a syslog server,
        ALL, auditsyslog
      • To write audit messages locally and to a syslog server,
        ALL, auditfile, auditsyslog
    2. Add the following lines:
      log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender log4j.appender.auditsyslog.Threshold = INFO log4j.appender.auditsyslog.syslogHost=<hostname>:<port> log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
      to the host name and port of your syslog server. You must use a different port for the audit file than for the log file.
    4. Optionally, to remove local auditing, delete the following lines:
      # Audit log output log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n log4j.appender.auditfile.datePattern='.'yyyy-MM-dd log4j.appender.auditfile.Threshold = INFO log4j.appender.auditfile.append=true log4j.appender.auditfile.File=logs/bb2fa-audit.log
  6. Save your changes.
  7. In
    Windows
    Services, restart the
    BlackBerry 2FA
    service.
Example log4j.properties file with syslog and local logging
log4j.rootLogger=ALL, logfile, syslog log4j.logger.auditLogger=ALL, auditfile, auditsyslog # We want to control the output Apache CFX and Jetty, # which are very verbose at the DEBUG level log4j.logger.org.apache.cxf=INFO log4j.logger.org.eclipse.jetty=INFO # Redirect logs to a local log file log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n log4j.appender.logfile.datePattern='.'yyyy-MM-dd log4j.appender.logfile.Threshold = INFO log4j.appender.logfile.append=true log4j.appender.logfile.File=logs/bb2fa.log # Redirect logs to a remote syslog server log4j.appender.syslog=org.apache.log4j.net.SyslogAppender log4j.appender.syslog.Threshold = INFO log4j.appender.syslog.syslogHost=syslog.example.com:514 log4j.appender.syslog.layout=org.apache.log4j.PatternLayout log4j.appender.syslog.layout.ConversionPattern=[%-5p] %c - %m%n # Redirect audit messages to a local audit file log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n log4j.appender.auditfile.datePattern='.'yyyy-MM-dd log4j.appender.auditfile.Threshold = INFO log4j.appender.auditfile.append=true log4j.appender.auditfile.File=logs/bb2fa-audit.log # Redirect audit messages to a remote syslog server #(you need a different port to generate a different file) log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender log4j.appender.auditsyslog.Threshold = INFO log4j.appender.auditsyslog.syslogHost=syslog.example.com:515 log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n