Syslog configuration

syslog is a standard for message logging over networks. OMERO.server supports logging to either a local or remote syslog service.

This allows all logs of the OMERO.server to be routed to a central location instead of (or as well as) to a file.

Note

It is important to note that this applies only to the OMERO.server itself, not to components like OMERO.web.

How it works

Whenever a log message is generated, OMERO’s logging framework will forward that message to any configured appenders.

By default, OMERO is configured to log everything to files.

Note

OMERO is configured to log a record of events for operations such as import. These are written directly to the Managed Repository. It is very likely that even if replacing file logging with syslog, this aspect should be retained in files. This is easily achieved by not changing any loggers using SIFT.

Configuration

To configure OMERO to be able to log to syslog, it is necessary to modify the file OMERO.server/current/etc/logback.xml. It is possible to do all the configuration changes in this file alone, but for ease of config management, it is demonstrated here where an additional OMERO.server/current/etc/logback_syslog.xml file is used in addition.

The following information is required to configure OMERO to log to syslog.

  • The host on which syslog is running: e.g. localhost

  • The port number on which syslog is running on that host: e.g. 514

  • The facility (RFC 3164) that OMERO should be handled as: e.g. user or local6

Note

The facility is important because it determines how syslog will handle the messages it receives. It is unlikely that OMERO’s log output will be desired in a local systems primary message log for example. On Linux this is often /var/log/messages. Remember to configure the syslog configuration to avoid this. This is also where configuration of onward forwarding can be configured (to a service such as splunk). Finally, syslog can be configured to specifically output this facility output to a file such as /var/log/omero.

Create the new file OMERO.server/current/etc/logback_syslog.xml:

<?xml version="1.0" encoding="UTF-8"?>
<included>
  <!-- syslog -->
  <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">

    <!-- Exclude debug level logging from ome.services.blitz.repo.ManagedImportRequestI -->
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator> <!-- defaults to type ch.qos.logback.classic.boolex.JaninoEventEvaluator -->
        <expression>return Level.DEBUG.equals(Level.toLevel(level)) &amp;&amp; logger.equals("ome.services.blitz.repo.ManagedImportRequestI");</expression>
      </evaluator>
      <OnMismatch>NEUTRAL</OnMismatch>
      <OnMatch>DENY</OnMatch>
    </filter>
    <!-- Exclude debug level logging from omero.* (except allow omero.cmd.*) -->
    <filter class="ch.qos.logback.core.filter.EvaluatorFilter">
      <evaluator> <!-- defaults to type ch.qos.logback.classic.boolex.JaninoEventEvaluator -->
        <expression>return Level.DEBUG.equals(Level.toLevel(level)) &amp;&amp; logger.startsWith("omero.") &amp;&amp; !logger.startsWith("omero.cmd.");</expression>
      </evaluator>
      <OnMismatch>NEUTRAL</OnMismatch>
      <OnMatch>DENY</OnMatch>
    </filter>

    <syslogHost>localhost</syslogHost>
    <facility>local6</facility>
    <suffixPattern>OMERO [%level] [%thread] %logger %msg</suffixPattern>
  </appender>

</included>

This creates an appender that sends messages to syslog. syslogHost is the host on which syslog is running. No port is specified as 514 is the default. The suffixPattern is customizable. In this instance it is identical to OMERO’s file logger except an added “OMERO” identifier has been added for clarity. The name of the appender has been set to SYSLOG. The filters replicate the same behaviour from the default FILE appender.

Note

If configuring the appender directly in the OMERO.server/current/etc/logback.xml file, then the included tag should not be used.

Within the configuration tag of OMERO.server/current/etc/logback.xml add:

<include file="/path/to/OMERO.server/etc/logback_syslog.xml"/>

Note

The included file path can be relative, but note that it is NOT relative to the OMERO.server/current/etc/logback.xml file, but to the current directory set by OMERO. It is highly recommended to use a full path.

Finally, also within OMERO.server/current/etc/logback.xml modify the root tag to include a second appender-ref (It can also be replaced if the file logs are not desired or syslog will handle writing those to a file on OMERO’s behalf):

<root level="OFF">
  <appender-ref ref="SYSLOG"/>
  <appender-ref ref="FILE"/>
</root>

Note

A restart of OMERO will be necessary before this takes effect.