PREVIOUS web.iis

NEXT web.nginx


The tag  web.jboss.type.environment.application.clon is used to label the logs from JBoss applications.

When using JBoss as application server, there are two distinct areas producing logs and that can be integrated with Devo:

  • the JBoss logs 
  • the logs from the applications managed by JBoss

This article describes how to configure JBoss for the integration of the first type of logs, produced and managed by the application server itself.

JBoss generates by default the following log types:

  • boot.log (type: boot)
  • server.log (type: server)

You can also configure the access log:

  • access_log.yyyy-MM-dd.log (types: access-clf, access-combined, access-lt).

Depending on the product version, the default log files are usually stored at:

  • JBoss 7.x standalone
    •  standalone/log/boot.log
    •  standalone/log/server.log

  • JBoss 7.x managed account
    • domain/log/host-controller.log (type: boot)
    • domain/log/process-controller.log (type: boot)
    • domain/servers/*/log/boot.log
    • domain/servers/*/log/server.log

  • JBoss 6.x/5.x
    • server/default/log/boot.log
    • server/default/log/server.log

Tag structure

The elements environment, application and clone are free, but mandatory. They can take the value chosen by the user to identify the events source and they must always be used. The name of each of these elements reflects the intended use:

  • environment - the environment where the event occurs: development, testing, production, etc. The number and name of the environments are not fixed by Devo, since there could be a lot of variation between facilities.
  • application - the web application name
  • clone - the name of the JBoss instance that produced the event. Depending on the organization it could be a machine name, the virtual name of a JBoss process, etc.

The element type is fixed and it identifies the type and format of the sent event. This element can take one of the following values: 

  • boot
  • server
  • access-clf
  • combined access
  • access-lt


It contains general information generated by JBoss and its applications.

It is similar with Devo server type.


This log contains information about the start and stop of a JBoss server. It is similar with Devo boot type. 

In the default installation, this file is overwritten on each server start-up. You should set the log to be written in append mode in order to avoid problems with rsyslog,since it doesn't detect the file truncation and stops sending the logs.

See below a description of the different product versions.

  • Boot.log in JBoss 7.x

The configuration file is usually found in the standalone/configuration/ or domain/configuration/ paths (depending on the mode that the server is started).

These are the lines you should modify:

boot.log JBoss 7.x configuration

# File handler configuration
  • Boot.log in JBoss 6.x

    The configuration file is usually found in the bin/ path.

    These are the lines you should modify:

    boot.log JBoss 6.x configuration

    # File handler configuration
  • Boot.log in JBoss 5.x

    You should create the file bin/ as it follows:

    boot.log JBoss 5.x configuration

    log4j.rootCategory=DEBUG, FILE, CONSOLE
    ### A bootstrap file appender
    log4j.appender.FILE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}] %m%n
    log4j.appender.CONSOLE.layout.ConversionPattern=%d{ABSOLUTE} %-5p [%c{1}] %m%n

Also you should reference the boot of the newly created file as described below:

JBoss 5.x execution

$ ./bin/ -Dlog4j.configuration=file:./bin/

Another alternative is to modify the script bin/ 

  1. add the option JAVA_OPTS="$JAVA_OPTS - Dlog4j.configuration=file:JBOSS_PATH/bin/
  2. replace JBOSS_PATH with the PATH where the product is installed

Access logs (access_log.yyyy-MM-dd)

This file contains an access log identical to the Apache Tomcat application server. There is an event log for each request processed by the server.

You can control the event content (format and fields) in detail.

The access log is not enabled by default and the configuration depends on the product version.

  • Access log in JBoss 7.x 

    Edit the file standalone/configuration/standalone.xml and the subsystem urn:jboss:domain:web:1.1

    JBoss 7.x access-log configuration

    <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">
        <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>
        <virtual-server name="default-host" enable-welcome-root="true">
            <alias name="localhost"/>
                <access-log rotate="false" prefix="access_log.txt" pattern="combined" >
                    <directory path="." relative-to="jboss.server.log.dir" />
  • Access log in JBoss 6.x/5.x

    Edit the file server/default/deploy/jbossweb.sar/server.xml and add the following Valve:

    JBoss 7.x access-log configuration

    <Valve className="org.apache.catalina.valves.AccessLogValve"
        prefix="access_log" suffix=".txt"
        rotatable="false" />

Devo supports 3 access log formats, two of them are standard format and the other is defined by Devo for users who need more details. Each of these formats is identified with a value for the element type of the syslog tag.

  • access-clf for the Common Log Format (CLF). This is the JBoss and Apache default format. The directive to define this format is:


    pattern="%h %l %u %t &quot;%r&quot; %s %b"
  • access-combined for the  NCSA extended/combined Log Format. The directive for this format is:


    pattern="%h %l %u %t &quot;%r&quot; %s %b &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot;"
  • access-lt for the Devo defined format that adds more details to the standard formats listed above. The directive to define this format is:

    logtrust access

    pattern="%t %a %l %u %S %v:%p %m &quot;%U%q&quot; %H &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;%{cookieName1}c:%{cookieName2}c&quot; %s %D %B %I"
    • where "%{cookieName1}c:%{cookieName2}c:...:$cookieNameN}c" is the name of the cookies you want to be reflected in the log.
  •  If you don't want to save any cookie, the format would be as follows:

    logtrust Access without cookies

    pattern="%t %a %l %u %S %v:%p %m &quot;%U%q&quot; %H &quot;%{Referer}i&quot; &quot;%{User-Agent}i&quot; &quot;&quot; %s %D %B %I"

  Sending to Devo via files

  • Unix environment

    The standard method is to configure JBoss to write the logs to file and rely on another tool (like rsyslog o syslog-ng) to send the events.

    You can use the following rsyslog configuration file:

    /etc/rsyslog.d/45-jboss.conf file

    $template jboss,"<%PRI%>%timegenerated% %HOSTNAME% %syslogtag% %msg%"
    # File server.log
    $InputFileName JBOSS_PATH/standalone/log/server.log
    $InputFileTag web.jboss.server.ENV.APP.CLON:
    $InputFileStateFile stat-jboss-server1
    $InputFileSeverity info
    $InputFileFacility local7
    $InputFilePollInterval 1
    $InputFilePersistStateInterval 1
    # File boot.log
    $InputFileName JBOSS_PATH/standalone/log/boot.log
    $InputFileTag web.jboss.boot.ENV.APP.CLON:
    $InputFileStateFile stat-jboss-boot1
    $InputFileSeverity info
    $InputFileFacility local7
    $InputFilePollInterval 1
    $InputFilePersistStateInterval 1
    # File access log
    $InputFileName JBOSS_PATH/standalone/log/access_log.txt
    $InputFileTag web.jboss.access-combined.ENV.APP.CLON:
    $InputFileStateFile stat-jboss-accessCombined1
    $InputFileSeverity info
    $InputFileFacility local7
    $InputFilePollInterval 1
    $InputFilePersistStateInterval 1
    # SSL config for logtrust secure relay
    #$DefaultNetstreamDriver gtls # use gtls netstream driver
    #$DefaultNetstreamDriverCAFile /etc/rsyslog.d/ca.crt
    #$DefaultNetstreamDriverCertFile /etc/rsyslog.d/user.crt
    #$DefaultNetstreamDriverKeyFile /etc/rsyslog.d/user.key
    #$ActionSendStreamDriverMode 1 # require TLS for the connection
    #$ActionSendStreamDriverAuthMode x509/name
    #$ActionSendStreamDriverPermittedPeer collector
    if $syslogtag contains 'web.jboss.' and $syslogfacility-text == 'local7' then @@LOGTRUST-RELAY:PORT;jboss
    :syslogtag, contains, "web.jboss." ~

You should customize the above template as it follows:

  • Replace JBOSS_PATH with the absolute path where the JBoss logs will reside. Please note the PATH could vary depending on the version of JBoss.
  • Replace ENV.APP.CLON with the values assigned to your application.
  • In this example, the access log uses the access-combined type. You can also use acc ess-clf and access-lt depending on the format you have previously configured.
  • Replace LOGTRUST-RELAY and PORT with the server and port of your Devo relay.
  • If you send the data to a secure relay, please uncomment the SSL section of the file.

Check if the file you are going to process and the directory where is located can be read by the user running rsyslog. If not, you should give the appropriate permissions by changing the file group to syslog:

Monitoring file permissions

# chown :syslog /opt/jboss/standalone/log /opt/jboss/standalone/log/*
# chmod 750 /opt/jboss/standalone/log
# chmod 640 /opt/jboss/standalone/log/*

To configure the files rotation, you can use logrotate. See below a configuration example:

/etc/logrotate.d/tomcat file

/opt/jboss/standalone/log/server.log /opt/jboss/standalone/log/boot.log /opt/jboss/standalone/log/access_log.txt
    rotate 14
        service rsyslog stop
        rm -f /var/spool/rsyslog/stat-jboss-*
        service rsyslog start
  • Restart rsyslog process:

    Restart rsyslog daemon

    /etc/init.d/rsyslog restart
  • Windows environments

    In this case, the standard method to send to Devo would be to rely in other tools (like Snare Epilog or MagicLog).

Have we answered your question?

If not, please contact our technical support team via email by clicking the button below.


PREVIOUS web.iis

NEXT web.nginx