Please also make sure that the hostname can be resolved.

Try running 'hostname' as unprivileged user to make sure the machine can resolve the local host name.



On Wed, May 11, 2016 at 3:29 AM, Fabrice Bacchella <fabrice.bacchella@orange.fr> wrote:
You're showing a logstash parsing, extracted from a message formatted using syslog. All the magic should be in the pattern line (log4j.appender.myappender.layout.ConversionPattern=[%c] %m%).
And logstash failed to parse the line anyway (see the _grokparsefailure).

Did you try to send native log4j event to logstash, using custom appenders like my own : https://github.com/fbacchella/ZMQAppender


> Le 11 mai 2016 à 08:20, Dominique Taffin <dominique.taffin@1und1.de> a écrit :
>
> Hello!
>
> Thank you for your reply. Unfortunately, it does not include the hostname with header=true.
> The following is received by the logserver:
>
> {
>   "_index": "ovirt-2016.05.11",
>   "_type": "syslog",
>   "_id": "AVSedM6EH9SU2r3j0ihk",
>   "_score": null,
>   "_source": {
>     "message": "<14>[org.ovirt.engine.core.vdsbroker.HostDevListByCapsVDSCommand] START, HostDevListByCapsVDSCommand(HostName = onodeXXX.some.domain, VdsIdAndVdsVDSCommandParametersBase:{runAsync='true', hostId='XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXX', vds='Host[onodeXXX.some.domain,XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXX]'}), log id: 689d5b30\n",
>     "@version": "1",
>     "@timestamp": "2016-05-11T08:15:35.729+02:00",
>     "type": "syslog",
>     "host": "10.XXX.XXX.XXX",
>     "tags": [
>       "_grokparsefailure"
>     ],
>     "syslog_severity_code": 5,
>     "syslog_facility_code": 1,
>     "syslog_facility": "user-level",
>     "syslog_severity": "notice"
>   },
>   "sort": [
>     1462947335729,
>     1462947335729
>   ]
> }
>
> is it possible to have the IP in the "host" filed have resolved from log4j so that the hostname will be displayed there? Or have it convinced to use the appender.Application field?
>
> thank you and best,
>  Dominique
>
> Von: Ravi Nori <rnori@redhat.com>
> Gesendet: Dienstag, 10. Mai 2016 19:04
> An: Dominique Taffin
> Cc: users@oVirt.org
> Betreff: Re: [ovirt-users] Log4j hostname
>
> Hi Dominique,
>
> Add
>
> log4j.appender.myappender.header = true
>
> and see if you get the hostname
>
> Ravi
>
>
> On Mon, May 9, 2016 at 9:37 AM, Dominique Taffin <dominique.taffin@1und1.de> wrote:
> Hello!
>
> We are using the log4j extension  to send ovirt logs to a logstash server.
> As we do have several engine hosts and only one logging backend, we do need to filter logs by hostname. So far I am unable to provide a hostname in
> Log4jLogger.properties. All Log4j configurations we have in other applications/servers to honor the log4j.Application property. I tried setting it up by:
>
>
>
> ovirt.engine.extension.name = Log4j
> ovirt.engine.extension.provides = org.ovirt.engine.api.extensions.logger.Logger
> ovirt.engine.extension.bindings.method = jbossmodule
> ovirt.engine.extension.binding.jbossmodule.module = org.ovirt.engine-extensions.logger.log4j
> ovirt.engine.extension.binding.jbossmodule.class = org.ovirt.engineextensions.logger.log4j.Log4jLogger
> log4j.rootLogger=DEBUG, myappender
>
> log4j.appender.myappender = org.apache.log4j.net.SyslogAppender
> log4j.appender.myappender.SyslogHost = logstash-server.something
> log4j.appender.myappender.Port = 5544
> log4j.appender.myappender.ReconnectionDelay = 60000
> log4j.appender.myappender.Application = ovirthostname
> log4j.appender.myappender.LocationInfo = true
> log4j.appender.myappender.Threshold = DEBUG
> log4j.appender.myappender.layout = org.apache.log4j.PatternLayout
> log4j.appender.myappender.layout.ConversionPattern=[%c] %m%n
>
>
>
> Logs do arrive, but no hostname. Can anyone point me out on how to include the hostname in the logs?
>
> thank you and best,
>  Dominique
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users