Direct logback logs to graylog

Question

I have a third party java application which uses logback for logging.

I want to add a Socket Appender to the application's logback.xml as specified in the documentation (https://logback.qos.ch/manual/appenders.html)

<configuration debug="true">
  <appender name="SERVER" 
    class="ch.qos.logback.classic.net.server.ServerSocketAppender">
    <port>${port}</port>
    <includeCallerData>${includeCallerData}</includeCallerData>
  </appender>

  <root level="debug">
    <appender-ref ref="SERVER" />
  </root>  

</configuration>

The purpose is to direct the logs to graylog using udp end point. Is there a way to send the logs using the UDP protocol ?

Thanks for your time.

Answer 1

There are multiple GELF appenders for Logback listed on the Graylog Marketplace: https://marketplace.graylog.org/addons?tag=logback

Personally, I'd recommend using logstash-gelf.

Answer 2

I created a TCP Socket Server application (say on port 1234 running on localhost).

I added a socket appender to the logback.xml of the third party application to send logs to the TCP Server application.

 <appender name="SOCKET" class="ch.qos.logback.classic.net.SocketAppender">
    <remoteHost>localhost</remoteHost>
    <port>1234</port>
    <reconnectionDelay>10000</reconnectionDelay>
    <includeCallerData>true</includeCallerData>
</appender>

Now, on the Socket server application, I added the logstash-gelf dependency and appender that joschi recommended. Now the logs from the third party application go thru a hop and then reach Graylog.

The one caveat that I had to get around was to determine the severity of the log from the log message before logging it again in the socket server application.