protocol7 home

Filtering WebSphere Message Broker logs on Linux

On Linux/Unix, WebSphere Message Broker uses the syslog daemon for its error logging. While arguable the right thing to do, it’s a mess having application errors mixed up with kernel messages and what not. However, last week, two guys at work set up a clever solution to this problem, using the powerful syslog-ng. This is all Gustav and Christians work, I merely publish it for others to be able to re-use.

In the syslog configuration file /etc/syslog-ng/syslog-ng.conf.in, add a filter that matches messages from WMB:


filter f_wmb        { match('^WebSphere Broker'); };

This will allow for catching all messages from WMB. Now, create a destination where you want your WMB messages to go:


destination wmb { file("/var/log/wmb/messages" group(mqm) perm(0644)); };

In this case, we set the group to be mqm, simply because that’s the group our developers belong to (yeah, that might be a bad idea, but that’s the topic of another post).

Now, connect the destination to the filter:


log { source(src); filter(f_wmb); destination(wmb); };

With this setup, all messages coming from WMB will end up in the file /var/log/wmb/messages. To keep /var/log/messages clean, we might also want to strip out WMB messages:


filter f_messages   { not facility(news, mail) and not filter(f_iptables) and not filter(f_wmb); };

This line might look slightly different on your OS, however, the general idea is to add the negated f_wmb filter.

Now, restart the syslog-ng daemon and you should see your WMB message starting to gather in your new file:


/etc/init.d/syslog restart

In addition to this, we have also set up an Apache HTTPD server to serve up the WMB log file over HTTP, making access to the log trivial for our developers. All in all, I find this very useful. You might also argue that with this knowledge, using the log4j SyslogAppender might be a better idea that our usual RollingFileAppender.

Tags: , , , , . 2 Comments »

2 Responses

  1. Life of a Silverbakk − Stenbeck kommenterar Says:
    […] Filtering WebSphere Message Broker logs on Linux […]
  2. ramires Says:
    Excelent post, I did the same, but one aditional step after editing /etc/syslog-ng/syslog-ng.conf.in I had to run SuSEconfig , before restart the syslog-ng daemon.
    Thanks!

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.

Creative Commons Attribution 3.0 licensed unless otherwise specified.