Centralize logging or auditing using syslog Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry 2FA
  3. BlackBerry 2FA - Server Configuration Guide
  4. Logging and reporting
  5. Centralize logging or auditing using syslog

Centralize logging or auditing using syslog

You can configure the
BlackBerry 2FA
 server so that it writes its log files, its audit files, or both to a centralized syslog server instead of local files.
This task demonstrates one way to centralize logging. For more information about how to configure logging, visit http://logging.apache.org/log4j/2.x/ to read the
Apache log4j
 2 User’s Guide
 .
  1. Browse to the
    <install_dir>
    \bb2fa-config
     folder.
  2. Back up the log4j.properties file.
  3. Open the log4j.properties file in a text editor.
  4. To send log messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.rootLogger
       to one of the following:
      • To write log messages only to a syslog server,
        ALL, syslog
      • To write log messages locally and to a syslog server,
        ALL, logfile, syslog
    2. Add the following lines:
      log4j.appender.syslog=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.Threshold=INFO 
log4j.appender.SYSLOG.syslogHost=<hostname>:<port>
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=[%-5p] %c - %m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
       to the host name and port of your syslog server.
    4. Optionally, to remove local logging, delete the following lines:
      # Log file output
log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n
log4j.appender.logfile.datePattern='.'yyyy-MM-dd
log4j.appender.logfile.Threshold = INFO
log4j.appender.logfile.append=true
log4j.appender.logfile.File=logs/bb2fa.log
  5. To send audit messages to a central syslog server, perform the following actions:
    1. Change the value of
      log4j.logger.auditLogger
       to one of the following:
      • To write audit messages only to a syslog server,
        ALL, auditsyslog
      • To write audit messages locally and to a syslog server,
        ALL, auditfile, auditsyslog
    2. Add the following lines:
      log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender 
log4j.appender.auditsyslog.Threshold = INFO 
log4j.appender.auditsyslog.syslogHost=<hostname>:<port>
log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout 
log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n
    3. Set the value of
      log4j.appender.syslog.syslogHost
       to the host name and port of your syslog server. You must use a different port for the audit file than for the log file.
    4. Optionally, to remove local auditing, delete the following lines:
      # Audit log output
log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout
log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n
log4j.appender.auditfile.datePattern='.'yyyy-MM-dd
log4j.appender.auditfile.Threshold = INFO
log4j.appender.auditfile.append=true
log4j.appender.auditfile.File=logs/bb2fa-audit.log
  6. Save your changes.
  7. In
    Windows
     Services, restart the
    BlackBerry 2FA
     service.
Example log4j.properties file with syslog and local logging
log4j.rootLogger=ALL, logfile, syslog

log4j.logger.auditLogger=ALL, auditfile, auditsyslog

# We want to control the output Apache CFX and Jetty, 
# which are very verbose at the DEBUG level
log4j.logger.org.apache.cxf=INFO
log4j.logger.org.eclipse.jetty=INFO

# Redirect logs to a local log file
log4j.appender.logfile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.logfile.layout=org.apache.log4j.PatternLayout
log4j.appender.logfile.layout.ConversionPattern=%d{ISO8601} [%-5p] (%t) %c - %m%n
log4j.appender.logfile.datePattern='.'yyyy-MM-dd
log4j.appender.logfile.Threshold = INFO
log4j.appender.logfile.append=true
log4j.appender.logfile.File=logs/bb2fa.log

# Redirect logs to a remote syslog server
log4j.appender.syslog=org.apache.log4j.net.SyslogAppender 
log4j.appender.syslog.Threshold = INFO 
log4j.appender.syslog.syslogHost=syslog.example.com:514
log4j.appender.syslog.layout=org.apache.log4j.PatternLayout 
log4j.appender.syslog.layout.ConversionPattern=[%-5p] %c - %m%n

# Redirect audit messages to a local audit file
log4j.appender.auditfile=org.apache.log4j.DailyRollingFileAppender
log4j.appender.auditfile.layout=org.apache.log4j.PatternLayout
log4j.appender.auditfile.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n
log4j.appender.auditfile.datePattern='.'yyyy-MM-dd
log4j.appender.auditfile.Threshold = INFO
log4j.appender.auditfile.append=true
log4j.appender.auditfile.File=logs/bb2fa-audit.log

# Redirect audit messages to a remote syslog server 
#(you need a different port to generate a different file)
log4j.appender.auditsyslog=org.apache.log4j.net.SyslogAppender 
log4j.appender.auditsyslog.Threshold = INFO 
log4j.appender.auditsyslog.syslogHost=syslog.example.com:515
log4j.appender.auditsyslog.layout=org.apache.log4j.PatternLayout 
log4j.appender.auditsyslog.layout.ConversionPattern=%d{yyyy-MM-dd},%d{HH:mm:ss.SSS},%m%n