This example shows how the logging appender of Rico can be used to add useful metadata to application logging. Next to this the sample shows how application logging can be stored in a central place.
Rico provides logging appender for [log4j2](https://logging.apache.org/log4j/2.x/) and [logback](http://logback.qos.ch/).
By using such an appender all context information of Rico (see dev.rico.core.context.RicoApplicationContext for more information) will automatically be added to MDC (Mapped Diagnostic Context) of each log message.
When having several applications and services in production the monitoring can become quite complex. By providing a centralized log management that stores all logs and provides analytic functionalities developers and administrators can find problems faster.
In this sample 2 different tools (ELK stack & Graylog) can be used to provide a centralized log management. For both stacks you can find predefined docker-compose setups that can be used to easily start a running environment. Since both servers are configured to listen on same port they cannot be run simultaneously.
Next to storing logging a log management provides much more functionality. One important aspect is the support of custom fields or tags that can be used to analyze logging. The Rico context API provides an easy way to add metadata to an application. By using the Rico logging-appender such metadata will automatically be added to log information. Next to this the GELF standard is used in this sample to send the logging over a UDP connection to the used log manager.
The sample provides docker containers to easily start a preconfigured Graylog instance that is used to store the log messages.
The complete setup can be found in the docker-graylog folder.
The docker-compose tool is needed to run the sample.
If docker-compose is installed on your system you only need to execute the start.sh from docker-graylog folder to boot the graylog instance.
Once this is done the web ui of Graylog can be accessed at http://localhost:9000.
When opening the ui for the first time you need to login to Graylog (user: admin - passwort: admin).
Graylog supports different sources of log messages. Before it is able to receive any message you need to tell it where to listen.
-
Visit to http://localhost:9000
-
Login to Graylog (user: admin - passwort: admin)
-
In the top menu select "System" > "Inputs"
-
Select "GELF UDP" as the input type and click "Launch new input".
-
In the popup select the "global" checkbox and give the input a title (i.e. GELF UDP)
-
Click "save".
-
Click "Show received messages" to the right of the newly added input.
-
Click on the little play symbol in the top right corner to enable auto refresh of the page.
-
Launch the server-spring-log4j or the server-spring-logback example (
mvn spring-boot:run). -
Click on a message to see all the details.
The server application will send the complete logging to the Graylog server by using the GELF format. You can see the complete Rico context based metadata that is part of each logging message in the Graylog UI.
The server applications both provide a http endpoint that can be called to create additional logging. To call the endpoint just open http://localhost:8080/api/sample.
The sample provides docker containers to easily start a preconfigured ELK stack that is used to store the log messages.
The complete setup can be found in the docker-elk folder.
The docker-compose tool is needed to run the sample.
If docker-compose is installed on your system you only need to execute the start.sh from docker-elk folder to boot the ELK stack.
Once this is done the web ui of Kibana can be accessed at http://localhost:5601.
- INFO
-
If the ELK stack fails to start with the message
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]or similar than have a look at elasticsearch issue #111
The ELK stack is ready to receive log messages without a configuration. In order to browse the messages a little configuration is needed:
-
Launch the server-spring-log4j or the server-spring-logback example (
mvn spring-boot:run). -
Visit http://localhost:5601.
-
If asked to load sample data then chose "I want to se my own data".
-
In the left-hand menu select "Discover".
-
Click "Create Index Pattern".
-
Enter
*for the index pattern. -
Click "Next step".
-
Chose
@timestampas the "Time filter field name". -
Click "Create index pattern".
-
In the left-hand menu select "Discover".
Rico uses SLF4J throughout its Java code. By using SLF4J Rico leaves the choice of logging framework to the application.
The Rico logging module extends the MDC (Mapped Diagnostic Context) with Rico and application specific information. In order to be able to use Rico logging the application must use a logging framework which supports MDC. At the time of writing this module only Logback and Log4j provide MDC support.
Thus Rico logging can only be used if the application is using either Logback or Log4j.