Introduction

JS7 offers the Log Management Service, which is compliant with RFC5424, also known as the Syslog protocol.

  • Service
    • The Log Management Service is available from JOC Cockpit within the scope of JS7 - Services.
    • The Log Management Service offers high availability: in case of fail-over or switch-over of JOC Cockpit the Log Management Service will become available from the active JOC Cockpit instance.
  • Clients
    • All JS7 products, JOC Cockpit, Controller and Agents, that act as a client to the Log Management Service can be configured to report log output to the JS7 Log Management Service.
    • This allows access to
    • Log output of JS7 products is always written to local log files. In addition, log output can be forwarded to the Log Management Service.
    • Users can choose to enable forwarding of log output per instance of a JS7 product during installation and later on by adjusting the Log4j2 configuration.

The JS7 Log Management Service becomes available from JOC-1828 (starting from release 2.7.2).

Log4j2 Configuration

By default, the Log4j configuration of JS7 products does not make use of the Log Management Service. Instead, users choose for which instances of JS7 products they want to send log output to the Log Management Service.

Controller Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available with a Controller's data directory:

...

Example for Controller log4j.xml Configuration

<Appenders>
    <!-- "<" and ">" of the PRI field are escaped as entities; the attribute is
         single-quoted so that the JSON double quotes are legal inside it -->
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern='&lt;134&gt;1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"thread":"%t",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}'
        />
    </Syslog>
</Appenders>


Explanations:

  • tbd

Agent Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available with a Controller's data directory:

Example for Agent log4j.xml Configuration

<Appenders>
    <!-- "<" and ">" of the PRI field are escaped as entities; the attribute is
         single-quoted so that the JSON double quotes are legal inside it -->
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern='&lt;134&gt;1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"agentId":"...",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}'
        />
    </Syslog>
</Appenders>


Explanations:

  • tbd

JOC Cockpit Log4j2 Configuration

The following Log4j2 configuration is available from the log4j2.xml-example file available with a Controller's data directory:

Example for Agent log4j.xml Configuration

<Appenders>
    <!-- "<" and ">" of the PRI field are escaped as entities; the attribute is
         single-quoted so that the JSON double quotes are legal inside it -->
    <Syslog name="RFC5424" format="RFC5424" host="localhost" port="4514"
            protocol="UDP" charset="UTF-8" facility="LOCAL0" newLine="false">
        <PatternLayout pattern='&lt;134&gt;1 %d{ISO8601}{ETC/UTC}Z ${hostName} JS7 Controller {
"host":"${hostName}",
"controllerId":"${ControllerId}",
"agentId":"...",
"level":"%p",
"logger":"%c{1}",
"message":"%enc{%m}{JSON}",
"thrown":"%enc{%throwable{10}}{JSON}"
}'
        />
    </Syslog>
</Appenders>


Explanations:

  • tbd

Delimitation

The JS7 Log Management Service is offered for convenience, as it allows access to log files of JS7 products from JOC Cockpit as a central point of view.

Due to limitations of the underlying Syslogd Protocol, the JS7 Log Management Service does not meet all requirements for security, resilience and high availability. The Log Management Service is offered for convenience. The authoritative source of log output remains with log files created by the JS7 products.

Security

The Syslogd Protocol does not specify authentication:

  • This means that log messages can be faked by malicious third-party components, as the JS7 Log Management Service cannot authenticate or reliably identify the source of log output.
  • Users should be cautious when taking action based on messages arriving at the JS7 Log Management Service: severe messages that suggest immediate action should be verified from the JS7 product's log files.

...

  • Flooding of messages is a possible attack scenario that is not covered by the Syslogd Protocol.
  • The JS7 Log Management Service will identify such scenarios and will shut down. This behavior is intended to keep the JOC Cockpit that operates the Log Management Service free from DoS attacks.

Resilience

The Log Management Service accepts messages sent via the UDP protocol only.

  • TCP connections are out of scope due to their blocking nature.
  • UDP messages can arrive in any sequence.

The Log Management Service performs input sanitization.

  • This means that any log messages that include, for example, HTML tags will be dropped.
  • Messages sent to the JS7 Log Management Service have to be compliant with the above Log4j configuration and will otherwise be dropped.
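
An added example, not part of the JS7 code base, of a receiver-side check in Python for the two rules above: it accepts only datagrams that match the Controller pattern shown on this page and drops any whose decoded fields contain an HTML tag. The tag heuristic, the list of levels, the comparison of the header host with the JSON host and the sample datagram are assumptions made for this illustration.

```python
import json
import re

# Header as produced by the Controller pattern: "<134>1 <ts>Z <host> JS7 Controller {json}"
HEADER = re.compile(
    r"^<134>1 (?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[.,]\d{3}Z) "
    r"(?P<host>[A-Za-z0-9._-]{1,255}) JS7 Controller (?P<body>\{.*\})\s*$",
    re.DOTALL,
)
FIELDS = {"host", "controllerId", "thread", "level", "logger", "message", "thrown"}
LEVELS = {"TRACE", "DEBUG", "INFO", "WARN", "ERROR", "FATAL"}
HTML_TAG = re.compile(r"</?[A-Za-z!][^<>]*>")  # assumed heuristic for "HTML tags"


def validate(datagram: bytes):
    """Return (record, None) if accepted, else (None, reason for dropping)."""
    try:
        text = datagram.decode("utf-8")
    except UnicodeDecodeError:
        return None, "not UTF-8"
    m = HEADER.match(text)
    if not m:
        return None, "header mismatch"
    try:
        record = json.loads(m["body"])
    except json.JSONDecodeError:
        return None, "invalid JSON"
    if not isinstance(record, dict) or set(record) != FIELDS:
        return None, "unexpected fields"
    if not all(isinstance(v, str) for v in record.values()):
        return None, "non-string value"
    if record["level"] not in LEVELS:
        return None, "unknown level"
    if record["host"] != m["host"]:
        return None, "host mismatch"
    # Check decoded values: "\u003c" in the raw JSON would hide a "<" from a raw-text scan.
    if any(HTML_TAG.search(v) for v in record.values()):
        return None, "HTML tag"
    return record, None


# Constructed sample datagram, not captured from a real JS7 installation.
SAMPLE = (b'<134>1 2024-05-01T10:15:30,123Z host1 JS7 Controller { "host":"host1", '
          b'"controllerId":"controller", "thread":"main", "level":"INFO", '
          b'"logger":"Main", "message":"started", "thrown":"" }')

if __name__ == "__main__":
    print(validate(SAMPLE))
    print(validate(SAMPLE.replace(b"started", b"\\u003cb\\u003ehi")))
```

Passing this check says nothing about who sent the datagram: a sender that knows the pattern can produce a conforming message, which is why severe messages still need to be verified against the product's own log files.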

High Availability

The JS7 Log Management Service is subject to clustering of JOC Cockpit:

  • This allows the service to switch from a current JOC Cockpit instance to the next active JOC Cockpit instance.
  • Switching to a different host operating the then active JOC Cockpit instance means that the hostname of the Log Management Service will change. Users are encouraged to set up a Proxy Service that will forward log messages to the active JOC Cockpit instance.

...