
Configuring HDFS (HIVE2) log4j to send events through rsyslog

Contributor

I tried to apply this recommendation, https://wiki.apache.org/hadoop/HowToConfigure, but got no result. Please help.

After restarting "rsyslog" and generating an event in HDF, I do not see the event in /var/log/boot.log or on the server 10.44.12.10 side.

HDFS Site
Advanced HDFS log4j Site :
*********************
#
# hdfs audit logging
#
hdfs.audit.logger=INFO,DRFAAUDIT,SYSLOG
log4j.logger.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=${hdfs.audit.logger}
log4j.additivity.org.apache.hadoop.hdfs.server.namenode.FSNamesystem.audit=false
log4j.appender.DRFAAUDIT=org.apache.log4j.DailyRollingFileAppender
log4j.appender.DRFAAUDIT.File=${hadoop.log.dir}/hdfs-audit.log
log4j.appender.DRFAAUDIT.layout=org.apache.log4j.PatternLayout
log4j.appender.DRFAAUDIT.layout.ConversionPattern=%d{ISO8601} %p %c{2}: %m%n
log4j.appender.DRFAAUDIT.DatePattern=.yyyy-MM-dd


# Configure syslog appender
log4j.appender.SYSLOG=org.apache.log4j.net.SyslogAppender
log4j.appender.SYSLOG.syslogHost=loghost
log4j.appender.SYSLOG.layout=org.apache.log4j.PatternLayout
log4j.appender.SYSLOG.layout.ConversionPattern=%d{ISO8601} %p %c: %m%n
log4j.appender.SYSLOG.Facility=LOCAL1
#
**************************	
On active HDFS name node:

[root@ks-dmp-pp11 ~]# cat /etc/rsyslog.conf | grep -v \# | grep -v '^$'
$ModLoad imudp
$UDPServerRun 514
$WorkDirectory /var/lib/rsyslog
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
$IncludeConfig /etc/rsyslog.d/*.conf
$OmitLocalLogging on
$IMJournalStateFile imjournal.state
*.info;mail.none;authpriv.none;cron.none                /var/log/messages
authpriv.*                                              /var/log/secure
mail.*                                                  -/var/log/maillog
cron.*                                                  /var/log/cron
*.emerg                                                 :omusrmsg:*
uucp,news.crit                                          /var/log/spooler
local1.*                                                /var/log/boot.log
$MaxMessageSize 64k
$template ArcFormat,"%syslogtag%%msg%"
local5.info @10.44.12.10;ArcFormat
local1.info @10.44.12.10;ArcFormat
local1.none;local6.none;local5.none @localhost
[root@ks-dmp-pp11 ~]#

1 REPLY

Contributor

Any ideas for me? How can I send HDFS audit events to SYSLOG in any way?
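
Added example (not part of the original thread and not Hadoop or log4j code): the log4j 1.x SyslogAppender configured in the question sends each event as a UDP datagram that starts with a <PRI> value computed from the facility and level, so the rsyslog half of the setup can be checked separately from HDFS by sending one LOCAL1/INFO datagram by hand. The function names and the probe text are constructed for illustration.

```python
import socket

# Syslog facility/severity codes (RFC 3164). LOCAL1 matches the
# log4j.appender.SYSLOG.Facility=LOCAL1 line in the question.
FACILITY = {"LOCAL1": 17, "LOCAL5": 21}
SEVERITY = {"ERROR": 3, "WARN": 4, "INFO": 6, "DEBUG": 7}

def build_datagram(facility, level, text):
    """Return the bytes of one syslog datagram: <PRI> followed by the text."""
    pri = FACILITY[facility] * 8 + SEVERITY[level]
    return f"<{pri}>{text}".encode("utf-8")

def parse_pri(datagram):
    """Split a received datagram into (facility code, severity code, text)."""
    head, _, text = datagram.decode("utf-8", "replace").partition(">")
    if not head.startswith("<") or not head[1:].isdigit():
        raise ValueError("datagram has no <PRI> prefix")
    pri = int(head[1:])
    return pri // 8, pri % 8, text

def send_probe(host, port, facility="LOCAL1", level="INFO",
               text="hdfs-audit-probe: constructed test message"):
    """Send one probe over UDP, the transport SyslogAppender uses."""
    data = build_datagram(facility, level, text)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(data, (host, port))
    return data

def loopback_check():
    """Offline self-check: receive our own probe on an ephemeral local port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))
        rx.settimeout(2.0)
        send_probe("127.0.0.1", rx.getsockname()[1])
        data, _ = rx.recvfrom(65535)
    return parse_pri(data)

if __name__ == "__main__":
    print(loopback_check())
    # On the NameNode, send_probe("127.0.0.1", 514) is expected to produce a
    # line in /var/log/boot.log if the rsyslog UDP input and the local1.* rule
    # are working; if it does, the remaining problem is on the log4j side.
```

If the probe reaches /var/log/boot.log but HDFS audit events do not, check what the syslogHost value (loghost in the question) resolves to on the NameNode and whether the log4j change was picked up after a NameNode restart.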