I would like to use log4j's SyslogAppender to emit XML Audit Messages via BSD Syslog Protocol (RFC 3164) from various healthcare client and server applications to a central Audit Record Repository, as specified by the Integrating the Healthcare Enterprise (IHE) Integration Profile Audit Trail and Node Authentication (ATNA) in the IHE IT Infrastructure Technical Framework (see Vol. 1 (ITI TF-1): Integration Profiles [http://www.ihe.net/Technical_Framework/upload/ihe_iti_tf_2.0_vol1_FT_2005-08-15.pdf], page 55ff).

There is no explicit requirement by IHE that an ATNA-compliant Audit Record Repository has to bind to the UDP port 514 assigned for syslog. Therefore clients must be configurable to send Audit messages to the repository host on a UDP destination port other than 514.

With the current version of log4j's SyslogAppender you cannot use a different UDP destination port than 514. The attached patches (one for current trunk, and one for log4j-v1.2.9) would make it possible to configure any port number through a new option "SyslogPort", with 514 as the default behavior.

It's no effort/problem to use such modified MySyslogAppender and MySyslogWriter classes as a proprietary extension of log4j, but perhaps a configurable UDP destination port for log4j's SyslogAppender also sounds useful for others.

Best Regards,
gunter zeilinger
Agfa Healthcare
Created attachment 18372: log4j-trunk-add-SyslogPort-option.patch
Created attachment 18373: log4j-v1_2-branch-add-SyslogPort-option.patch
Any thoughts on supporting :portno syntax on the existing syslogHost property? So that if you specified syslogHost="syslog.example.com", it would go to port 514 on "syslog.example.com" but syslogHost="syslog.example.com:1514" would go to port 1514?
I have no preference.
Created attachment 18376: support host:port syntax (log4j-trunk)
Created attachment 18377: support host:port syntax (log4j-v1_2-branch)
Committed a slightly different take in rev 438792 to the log4j-1_2 branch and 438801 to the trunk.

Adding a separate "port" property to SyslogAppender (as suggested in the first set of patches) was problematic since SyslogWriter is created on the call to setSyslogPort() and the order of calling setSyslogPort() and setSyslogHost() could be arbitrary when using configurators.

The second set of patches would break support for naked IPv6 addresses, which would contain colons but would now be interpreted as an address and a port.

The committed patch will use java.net.URL to parse the syslogHost property except when the property contains more than one colon and does not start with a left bracket.

The following forms should still be supported:

Host name: foo.example.org
IPv4: 127.0.0.1
IPv6: ::1

The following forms are added:

Host and port: foo.example.org:1514
IPv4 and port: 127.0.0.1:1514
IPv6 (URL form): [::1]
IPv6 and port: [::1]:1514

Would appreciate any feedback.
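The parsing rule described in the last comment, written out as an added example; it is not the committed log4j code, and the class and method names are hypothetical. Rejecting values that carry user info, a path or an out-of-range port is an assumption of this example, made so that audit records are never sent to a destination the configuration did not clearly name.

```java
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.URL;

// Added example, not the log4j source: SyslogHostParser and parse() are hypothetical names.
public class SyslogHostParser {
    static final int DEFAULT_PORT = 514; // syslog default named in the thread

    /** Splits a syslogHost value into host and port, following the rule described above. */
    @SuppressWarnings("deprecation") // new URL(String) is deprecated on recent JDKs but still works
    static InetSocketAddress parse(String syslogHost) {
        String value = syslogHost.trim();
        boolean moreThanOneColon = value.indexOf(':') != value.lastIndexOf(':');
        // More than one colon and no leading '[': a bare IPv6 literal, never host:port.
        if (moreThanOneColon && !value.startsWith("[")) {
            return InetSocketAddress.createUnresolved(value, DEFAULT_PORT);
        }
        URL url;
        try {
            // The scheme is added only so that URL can split host and port.
            url = new URL("http://" + value);
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("Unparseable syslogHost: " + syslogHost, e);
        }
        String host = url.getHost();
        int port = url.getPort() == -1 ? DEFAULT_PORT : url.getPort();
        // Assumption of this example: reject rather than guess at anything that is not host[:port].
        if (host.isEmpty() || port < 1 || port > 65535
                || url.getUserInfo() != null || !url.getFile().isEmpty()) {
            throw new IllegalArgumentException("Not a host or host:port value: " + syslogHost);
        }
        // URL keeps the brackets on IPv6 literals; strip them before address lookup.
        if (host.startsWith("[") && host.endsWith("]")) {
            host = host.substring(1, host.length() - 1);
        }
        return InetSocketAddress.createUnresolved(host, port);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: the seven forms listed in the comment above.
        String[] samples = { "foo.example.org", "127.0.0.1", "::1", "foo.example.org:1514",
                             "127.0.0.1:1514", "[::1]", "[::1]:1514" };
        for (String s : samples) {
            InetSocketAddress a = parse(s);
            System.out.println(s + " -> host=" + a.getHostString() + " port=" + a.getPort());
        }
    }
}
```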