Sending EasyAccess logs to InCenter or a Syslog server

Last modified on 4 May, 2021. Revision 13
There can be a need to send logs to an external server instead of relying on text files found on the EasyAccess server itself. This article describes how to configure the EasyAccess server to send logs to either an InCenter server or a Syslog server.
Up to date for
EasyAccess 3.0+
Status OK



Modifying log4j2.xml

For sending logs to a Syslog server, we need to modify the log4j2.xml file found in /opt/EasyAccess/Server/config (Linux) or C:/program files/EasyAccess/Server/config (Windows). The original contents are shown below:

log4j2.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2015 PhenixID AB (http://phenixid.net) - All Rights Reserved
  ~
  ~  Proprietary and confidential
  ~
  ~  Unauthorized copying and distribution of this file (via any medium) is strictly prohibited
  ~
  ~  For more information please contact: info@phenixid.se
  -->

<Configuration monitorInterval="30">
    <Appenders>
        <Console name="CONSOLE" target="SYSTEM_OUT">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
        </Console>
        <RollingFile
                name="FILE"
                fileName="logs/server.log"
                filePattern="logs/server.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
        <RollingFile
                name="EVENT"
                fileName="logs/event.log"
                filePattern="logs/event.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
    </Appenders>
    <Loggers>
        <AsyncLogger name="com.phenixidentity" level="DEBUG"/>
        <AsyncLogger name="io.netty" level="WARN"/>
        <AsyncLogger name="com.hazelcast" level="WARN"/>
        <AsyncLogger name="org.vertx" level="WARN"/>
        <AsyncLogger name="com.orientechnologies" level="WARN"/>
        <Logger name="EVENT" level="INFO" additivity="false">
            <AppenderRef ref="EVENT"/>
        </Logger>
        <Root level="WARN">
            <AppenderRef ref="FILE"/>
        </Root>
    </Loggers>
</Configuration>



For sending to just a Syslog server change the above to:


log4j2.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2015 PhenixID AB (http://phenixid.net) - All Rights Reserved
  ~
  ~  Proprietary and confidential
  ~
  ~  Unauthorized copying and distribution of this file (via any medium) is strictly prohibited
  ~
  ~  For more information please contact: info@phenixid.se
  -->

<Configuration monitorInterval="30">
    <Appenders>
        <Console name="CONSOLE" target="SYSTEM_OUT">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
        </Console>
        <RollingFile
                name="FILE"
                fileName="logs/server.log"
                filePattern="logs/server.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
        <RollingFile
                name="EVENT"
                fileName="logs/event.log"
                filePattern="logs/event.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
        <Syslog
    		name="CEF"
    		host="1.1.1.1" 
    		port="514"
    		protocol="UDP">
            facility="LOCAL7"
        </Syslog>
    </Appenders>
    <Loggers>
        <AsyncLogger name="com.phenixidentity" level="DEBUG"/>
        <AsyncLogger name="io.netty" level="WARN"/>
        <AsyncLogger name="com.hazelcast" level="WARN"/>
        <AsyncLogger name="org.vertx" level="WARN"/>
        <AsyncLogger name="com.orientechnologies" level="WARN"/>
        <Logger name="EVENT" level="INFO" additivity="false">
            <AppenderRef ref="EVENT"/>
            <AppenderRef ref="CEF"/>
        </Logger>
        <Root level="WARN">
            <AppenderRef ref="FILE"/>
        </Root>
    </Loggers>
</Configuration>

Sending logs to InCenter

For InCenter there are some more things that we need to change as well. First, modify log4j2.xml to look like this:

log4j2.xml

<?xml version="1.0" encoding="UTF-8"?>
<!--
  ~ Copyright (c) 2015 PhenixID AB (http://phenixid.net) - All Rights Reserved
  ~
  ~  Proprietary and confidential
  ~
  ~  Unauthorized copying and distribution of this file (via any medium) is strictly prohibited
  ~
  ~  For more information please contact: info@phenixid.se
  -->

<Configuration monitorInterval="30">
    <Appenders>
        <Console name="CONSOLE" target="SYSTEM_OUT">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
        </Console>
        <RollingFile
                name="FILE"
                fileName="logs/server.log"
                filePattern="logs/server.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
        <RollingFile
                name="EVENT"
                fileName="logs/event.log"
                filePattern="logs/event.%date{yyyy-MM-dd}.log"
                append="true">
            <PatternLayout pattern="%d [%c{1}]  %p: %m%n"/>
            <Policies>
                <TimeBasedTriggeringPolicy interval="1"/>
            </Policies>
        </RollingFile>
        <Syslog
    		name="CEF"
    		host="1.1.1.1" 
    		port="514"
    		protocol="UDP">
		<PatternLayout>
        	<Pattern>%m%n</Pattern>
        </PatternLayout>
        </Syslog>
    </Appenders>
    <Loggers>
        <AsyncLogger name="com.phenixidentity" level="DEBUG"/>
        <AsyncLogger name="io.netty" level="WARN"/>
        <AsyncLogger name="com.hazelcast" level="WARN"/>
        <AsyncLogger name="org.vertx" level="WARN"/>
        <AsyncLogger name="com.orientechnologies" level="WARN"/>
        <Logger name="EVENT" level="INFO" additivity="false">
            <AppenderRef ref="EVENT"/>
            <AppenderRef ref="CEF"/>
        </Logger>
        <Root level="WARN">
            <AppenderRef ref="FILE"/>
        </Root>
    </Loggers>
</Configuration>


Next, we need to add the following to the /opt/EasyAccess/Server/bin/start-PhenixID.sh file (Linux)  or  to the C:/program files/EasyAccess/Server/bin/EasyAccess.vmotion file (Windows):

for Linux:

JAVA_OPTS="${JAVA_OPTS} -Dcom.phenixidentity.globals.datetimepattern=yyyy-MM-dd'T'HH:mm:ssXXX"

for Windows:

-Dcom.phenixidentity.globals.datetimepattern=yyyy-MM-dd'T'HH:mm:ssXXX


These changes will require an EasyAccess server restart to take affect.

Additional information on log4j framework:

https://document.phenixid.net/m/90910/l/1138916-edit-log-settings

https://logging.apache.org/log4j/2.x/


Related articles

Brian Smart Search (Beta)
15 Jan, 2024 dictionary troubleshoot core stream incontrol incenter oneconnect cloudservice
How to configure passwordless OneTouch authentication
24 Feb, 2021 easyaccess radius saml sso onetouch