Audit logging restaccess.log not created

Hi there,

As per post Rest access log reformatting i am trying to achieve a similar outcome although the restaccess.log is not being created under dir /var/log/graylog/server

namei -l /var/log/graylog/server/

dr-xr-xr-x root    root    /
drwxr-xr-x root    root    var
drwxr-xr-x root    root    log
drwxr-xrw- graylog graylog graylog
drwxr-xrw- graylog graylog server

Below is the contents of the log4j2.xml file.
This is the default contents of the file with the addition of the code under

I understand as noted by the linked post that this is not a completed file although i will modify this further once the output is written to the restaccess.log.

Graylog version 2.4.6

<?xml version="1.0" encoding="UTF-8"?>
<Configuration packages="org.graylog2.log4j" shutdownHook="disable">
        <RollingFile name="rolling-file" fileName="/var/log/graylog-server/server.log" filePattern="/var/log/graylog-server/server.log.%i.gz">
            <PatternLayout pattern="%d{yyyy-MM-dd'T'HH:mm:ss.SSSXXX} %-5p [%c{1}] %m%n"/>
                <SizeBasedTriggeringPolicy size="50MB"/>
            <DefaultRolloverStrategy max="10" fileIndex="min"/>
        <!-- Simple appender that writes access log to specified file -->
        <File name="RestAccessLog" fileName="/var/log/graylog/server/restaccess.log" append="true">
            <PatternLayout pattern="%d %-5p: %c - %m%n"/>
        <!-- Internal Graylog log appender. Please do not disable. This makes internal log messages available via REST calls. -->
        <Memory name="graylog-internal-logs" bufferSize="500"/>
        <!-- Application Loggers -->
        <Logger name="org.graylog2" level="info"/>
        <Logger name="com.github.joschi.jadconfig" level="warn"/>
        <!-- This emits a harmless warning for ActiveDirectory every time which we can't work around :( -->
        <Logger name="" level="error"/>
        <!-- Prevent DEBUG message about Lucene Expressions not found. -->
        <Logger name="org.elasticsearch.script" level="warn"/>
        <!-- Disable messages from the version check -->
        <Logger name="org.graylog2.periodical.VersionCheckThread" level="off"/>
        <!-- Suppress crazy byte array dump of Drools -->
        <Logger name="org.drools.compiler.kie.builder.impl.KieRepositoryImpl" level="warn"/>
        <!-- Silence chatty natty -->
        <Logger name="com.joestelmach.natty.Parser" level="warn"/>
        <!-- Silence Kafka log chatter -->
        <Logger name="kafka.log.Log" level="warn"/>
        <Logger name="kafka.log.OffsetIndex" level="warn"/>
        <!-- Silence useless session validation messages -->
        <Logger name="org.apache.shiro.session.mgt.AbstractValidatingSessionManager" level="warn"/>
        <!-- RestAccessLogFilter -->
        <Logger name="" level="debug" additivity="false">
             <AppenderRef ref="RestAccessLog" level="debug"/>
             <AppenderRef ref="STDOUT" level="info"/>
        <Root level="warn">
            <AppenderRef ref="rolling-file"/>								   
            <AppenderRef ref="graylog-internal-logs"/>

Any help would be appreciated.

Thank you

This may answer my question.

Do you need the enterprise license (free or paid) in order to install and access the REST api?

Your goal is possible just with a slide modification of your log configuration.

I guess you had already checked the forum search if that can help you?

Hi Jan,

I was missing the plugin.

Everything works as intended.

Thank you

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.