Skip Navigation

Centralize logging or auditing using syslog

You can configure the
BlackBerry 2FA
server so that it writes its log files, its audit files, or both to a centralized syslog server instead of local files.
This task demonstrates one way to centralize logging. For more information about how to configure logging, visit http://logging.apache.org/log4j/2.x/ to read the
Apache log4j
2 User’s Guide
.
  1. Browse to the
    <install_dir>
    \bb2fa-config
    folder.
  2. Back up the log4j.properties file.
  3. Open the log4j.properties file in a text editor.
  4. To send log messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.rootLogger
      to one of the following:
      • To write log messages only to a syslog server,
        ALL, syslog
      • To write log messages locally and to a syslog server,
        ALL, logfile, syslog
    2. Add the following lines:
      log4j.appender.syslog=org.apache.log4j.net.SyslogAppender log4j.appender.SYSLOG.Threshold=INFO log4j.appender.SYSLOG.syslogHost=<hostname>:<port> log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout log4j.appender.SYSLOG.layout.ConversionPattern=[%-5p] %c - %m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
      to the host name and port of your syslog server.
    4. Optionally, to remove local logging, delete the following lines:
      # Log file output log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n log4j.appender.logfile.datePattern='.'yyyy-MM-dd log4j.appender.logfile.Threshold = INFO log4j.appender.logfile.append=true log4j.appender.logfile.File=logs/bb2fa.log
  5. To send audit messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.logger.auditLogger
      to one of the following:
      • To write audit messages only to a syslog server,
        ALL, auditsyslog
      • To write audit messages locally and to a syslog server,
        ALL, auditfile, auditsyslog
    2. Add the following lines:
      log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender log4j.appender.auditsyslog.Threshold = INFO log4j.appender.auditsyslog.syslogHost=<hostname>:<port> log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
      to the host name and port of your syslog server. You must use a different port for the audit file than for the log file.
    4. Optionally, to remove local auditing, delete the following lines:
      # Audit log output log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n log4j.appender.auditfile.datePattern='.'yyyy-MM-dd log4j.appender.auditfile.Threshold = INFO log4j.appender.auditfile.append=true log4j.appender.auditfile.File=logs/bb2fa-audit.log
  6. Save your changes.
  7. In
    Windows
    Services, restart the
    BlackBerry 2FA
    service.
Example log4j.properties file with syslog and local logging
log4j.rootLogger=ALL, logfile, syslog log4j.logger.auditLogger=ALL, auditfile, auditsyslog # We want to control the output Apache CFX and Jetty, # which are very verbose at the DEBUG level log4j.logger.org.apache.cxf=INFO log4j.logger.org.eclipse.jetty=INFO # Redirect logs to a local log file log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.logfile.layout=org.apache.log4j.PatternLayout log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n log4j.appender.logfile.datePattern='.'yyyy-MM-dd log4j.appender.logfile.Threshold = INFO log4j.appender.logfile.append=true log4j.appender.logfile.File=logs/bb2fa.log # Redirect logs to a remote syslog server log4j.appender.syslog=org.apache.log4j.net.SyslogAppender log4j.appender.syslog.Threshold = INFO log4j.appender.syslog.syslogHost=syslog.example.com:514 log4j.appender.syslog.layout=org.apache.log4j.PatternLayout log4j.appender.syslog.layout.ConversionPattern=[%-5p] %c - %m%n # Redirect audit messages to a local audit file log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n log4j.appender.auditfile.datePattern='.'yyyy-MM-dd log4j.appender.auditfile.Threshold = INFO log4j.appender.auditfile.append=true log4j.appender.auditfile.File=logs/bb2fa-audit.log # Redirect audit messages to a remote syslog server #(you need a different port to generate a different file) log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender log4j.appender.auditsyslog.Threshold = INFO log4j.appender.auditsyslog.syslogHost=syslog.example.com:515 log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n