Log4j2

You can configure your app library data for InsightOps to ingest data from Apache Log4j2.

Before you begin

Decide whether you want to perform the installation and configuration manually or by using Maven. Instructions for both methods are provided here.

Install Log4j2

  1. Download the Log4j2 package from the Log4j2 official site.
  2. Place the log4j-*.jar file from the package in your project and add it to the build path.
  3. Get the latest InsightOps jar library at [https://mvnrepository.com/artifact/com.rapid7/r7insight_java/latest] and add it to your build path.

** To use Maven to install Log4j2**:

You can use Maven to organize both Log4j2 and its InsightOps plugin. Simply add these following dependencies to your project:

1
<dependencies>
2
<dependency>
3
<groupId>org.apache.logging.log4j</groupId>
4
<artifactId>log4j-api</artifactId>
5
<version>2.20.0</version>
6
</dependency>
7
<dependency>
8
<groupId>org.apache.logging.log4j</groupId>
9
<artifactId>log4j-core</artifactId>
10
<version>2.20.0</version>
11
</dependency>
12
</dependencies>

Now, when you compile the project by running the command mvn compile, you’ll see Maven download both Log4j2 and the logentriesappender.

Configure Log4j2

Set the log4j2.xml file for your project. For this, download log4j2.xml and place it on the classpath. Its contents are:

1
<?xml version="1.0" encoding="UTF-8"?>
2
<Configuration status="WARN">
3
<Appenders>
4
<Logentries >
5
<PatternLayout pattern="%d{yyyy-MM-dd HH:mm:ss ZZZ} %F.%L level:%-5p%m"/>
6
<name>le</name>
7
<token>LOGENTRIES_TOKEN</token>
8
<region>eu</region>
9
<debug>false</debug>
10
<ignoreExceptions>false</ignoreExceptions>
11
<logId>YOUR LOG ID</logId>
12
<useSsl>true</useSsl>
13
<!-- datahub specific options -->
14
<key>account_key</key>
15
<useDataHub>false</useDataHub>
16
<dataHubAddr>localhost</dataHubAddr>
17
<location>my_datacentre</location>
18
<dataHubPort>10000</dataHubPort>
19
<logHostName>true</logHostName>
20
<hostName>my_host</hostName>
21
<httpPut>false</httpPut>
22
</Logentries>
23
</Appenders>
24
25
<Loggers>
26
<Root level="DEBUG">
27
<AppenderRef ref="le" />
28
</Root>
29
</Loggers>
30
</Configuration>

You can get a Log token from the Add Data page in InsightOps. Your region refers to the data centre where your account is, for example, "us" or "eu".

If you already created a log, browse to the log in InsightOps and click the settings icon on the Entries card. You will be presented with the settings for the log, where the token is displayed.

Insert the logging code for Log4j2

This will send log data from a console app

1
import org.apache.logging.log4j.LogManager;
2
import org.apache.logging.log4j.Logger;
3
4
class HelloLogentries {
5
private static Logger log = LogManager.getRootLogger();
6
7
public static void main(String[] args)
8
{
9
log.debug("I'm a debug message");
10
log.info("I'm an info message");
11
12
// Wait here for user input, as logger needs a moment
13
// to spawn its daemon thread and begin sending
14
try{
15
System.in.readline();
16
}catch(IOException e){
17
//Do nothing
18
}
19
}
20
}