Monitis+Log4j: The Cure for Monitoring Java Logs

Let’s face it; the Internet world today lives by Java. But not everything associated with Java runs smooth.

For example, many Java applications create log files by using a famous Log4J mechanism. Often, these applications are located remotely, and there is no actual way possible in real time to monitor the logs alerts. That often means that it’s difficult or impossible to avoid some dangerous situations in time, including stopping applications because of faults.

This article is presenting one of the possible ways to build a Monitis Custom monitor that can provide real-time monitoring for Java applications logs.

Usually the typical requirement for such types of monitors can be described as such:

The Java logs monitor has to be implemented as a separate application to avoid inadmissible side effects onto the monitored application.
It is undesirable to request an additional coding to support the logs monitor processing.

It is very desirable to implement the Java Logs Monitor on Java to obtain platform independence just like a monitored application.

The Java logs monitor has to have filtering features for limiting of accumulated and really important entries that are selected from log messages based on a specified criteria or pattern.

Needs to have the ability to view online or remotely a monitor report with the ability to easily get details of messages.

The monitored application should use the widespread Log4J logger engine.

The conditions mentioned above can be easily implemented by using Log4J SocketAppender and Monitis Custom Monitoring features. So, a rough drawing of the possible architecture is depicted below:

Thus, no changes are required to monitor a Java application. Only some small additions have to be included in the XML configuration of a Log4J engine. So, the user should add some part which will define an additional appender — Log4J SocketAppender that will ensure the communication with Monitis Logs Monitor. The SocketAppender should be configured in the following way:

	<appender name="monitisAppender" class="">
		<param name="Port" value="4560" />
		<param name="RemoteHost" value="localhost" />
		<param name="ReconnectionDelay" value="10000" />
		<param name="Threshold" value="ALL" />
		<filter class="org.monitis.logmonitor.logger.MonitisFilter">
			<param name="filterPattern" value="(Error|Fatal|Warn*|Attention)" />
			<param name="minAllowedLevel" value="WARN" />

To help you, here are some definitions of terms:

  • “Port” is the port number that listens to Log Monitor (default value is 4560);
  • “RemoteHost” is the host machine IP where the Monitis Log Monitor will be located;
  • “ReconnectionDelay” is the time interval to periodically try to establish connection to the Log Monitor;
  • “Threshold” is the log records level that will be given to Monitis Appender for analysis;
  • “Filter class” is the Java class that is provided by Log Monitor and the service for selection of log records;
    (log_mon.jar have to be included as an additional library into the list of Application libraries)
  • “filterPattern” is a pattern-string for selection of log records that you want to monitor
    (default is not any pattern – so all records will be sent to Log Monitor)
  • “minAllowedLevel” is the log records level (ERROR, WARN, DEBUG, etc.) that you want to monitor
    (default value is WARN)

Note that usage of SocketAppender gave us, in addition, a possibility to be wholly free of what other appenders monitor applications for because log records will be received directly from the Logging system — but not through a log file or some other secondary sources.
The Monitis Logs Monitor consists of a Socket Server that is responsible for receiving messages sent by SocketAppender, memory storage that accumulates received messages, and Monitis Open API Client that wraps Open API Custom Monitor functionality and ensures a connection with Monitis. The processing flow is managed by Logs Monitor Manager / Scheduler that organizes periodically the sending of an accumulated part of information into Monitis. Naturally, Monitis Logs Monitor should be configured by using values stored in the properties file that have the following view:

	# API Key and Secret Key replace by your ones which you can get from your Monitis account
	# monitor name
	# monitor tag
	# time interval between sending info into Monitis [ms]
	# time duration of monitor activity [ms]
	# if test duration is set less or equal 0 then test will run infinitely
	# unregister/remove monitor from Monitis after test fulfilling
	# List of allowed hosts that have permission to send log records to the LogServer
	# It can be specified as Java pattern (e.g "(|localhost|")
	# or be defined simply as "INADDR_ANY" (if there is no restriction for hosts)
	# server listen port (should be the same as defined for SocketAppender)

Note that it is necessary to replace almost all properties by your desired values and in correspondence to your account.
It is necessary to say that the monitored application and Log Monitor can be started in arbitrary sequence because any mentioned applications will do just its own work until there isn’t yet a connection to one another and periodically will try to establish the connection.

Please notice that the architecture mentioned above allows monitoring of not only single applications but also several applications simultaneously.

The source code for implementing presented architecture and its necessary details can be found in the repository Please notice that the source contains the logs simulator class that generates log records randomly and is used for testing purpose.
The current implementation sends two types of information into Monitis: a short view that represents the quantity of filtered log records and a detailed view that shows full content. So, the normal stats view of Log Monitor in your account will display the short information, but you can also see detailed information at any time by double-clicking on any line.

Java. You can’t live without it. Monitis hopes that this tutorial on monitoring your Java Log Alerts makes your life a little easier and makes Java a bit easier to use, too.  Stay tuned for more helpful hints! Signup 15-days Monitis free trial.