AlienVault® USM Appliance™

Red Hat JBoss Middleware

When you configure Red Hat JBoss Middleware to send log data to USM Appliance, you can use the Red Hat JBoss Middleware plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor: Red Hat
Device Type: Application Server
Connection Type: Syslog
Data Source Name: jboss
Data Source ID: 1848

Integrating Red Hat JBoss Middleware

Before you configure the Red Hat JBoss Middleware integration, you must have the IP address of the USM Appliance Sensor.

To configure Red Hat JBoss Middleware to send Syslog messages to USM Appliance:

  1. Open the conf/jboss-log4j.xml file for editing and comment out the SYSLOG section. Create an appender using one of the facilities (LOCAL0...7) and change settings to meet the requirements of your own environment:

    <appender name="SYSLOG" class="org.apache.log4j.net.SyslogAppender">
      <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
      <param name="Facility" value="LOCAL7"/>
      <param name="FacilityPrinting" value="true"/>
      <param name="SyslogHost" value="USM Appliance_IP"/>
      <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="[%d{ABSOLUTE},%c{1}] %m%n"/>
      </layout>
    </appender>

  2. Add an appender reference named SYSLOG:

    <root>
      <priority value="INFO"/>
      <appender-ref ref="FILE"/>
      <appender-ref ref="SYSLOG"/>
    </root>

  3. After making your changes, stop and then restart the JBoss Server.
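
To check that the Sensor is receiving what this appender sends, the following added example (not part of the AlienVault or JBoss documentation) parses a datagram produced by the configuration above and decodes its syslog priority. It assumes the log4j 1.2 SyslogAppender wire format `<PRI>local7:[HH:mm:ss,SSS,Category] message`; the function name `parse_jboss_syslog` and the sample datagrams are constructed for illustration.

```python
import re

# Assumed wire format (log4j 1.2 SyslogAppender, settings from the steps above):
#   <PRI>local7:[HH:mm:ss,SSS,Category] message
# PRI = facility * 8 + severity (RFC 3164); LOCAL0..LOCAL7 are facilities 16..23.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>"                   # syslog priority value
    r"(?:(?P<tag>[a-z0-9]+):)?"              # facility name, present when FacilityPrinting=true
    r"\[(?P<time>\d{2}:\d{2}:\d{2},\d{3}),"  # %d{ABSOLUTE}
    r"(?P<category>[^\]]+)\] "               # %c{1}, last component of the logger name
    r"(?P<message>.*)$",                     # %m (the trailing %n is stripped first)
    re.DOTALL,
)

def parse_jboss_syslog(datagram: bytes) -> dict:
    """Parse one datagram; raise ValueError if it does not match the appender format."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    m = LINE_RE.match(text)
    if m is None:
        raise ValueError("unexpected format: %r" % text[:80])
    pri = int(m.group("pri"))
    if pri > 191:  # highest valid PRI is 23 * 8 + 7
        raise ValueError("priority out of range: %d" % pri)
    facility, severity = divmod(pri, 8)
    name = "local%d" % (facility - 16) if facility >= 16 else str(facility)
    tag = m.group("tag")
    return {
        "facility": name,
        "severity": SEVERITIES[severity],
        # A printed facility that disagrees with PRI can indicate a relay rewriting
        # the priority or a different appender sending to the same port.
        "facility_consistent": tag is None or tag == name,
        "time": m.group("time"),
        "category": m.group("category"),
        "message": m.group("message"),
    }

if __name__ == "__main__":
    # Constructed sample datagrams, not captured from a real server.
    for raw in (b"<190>local7:[14:02:11,345,ServerImpl] JBoss started\n",
                b"<187>local7:[14:02:15,002,JaasSecurityManagerService] Login failure\n"):
        print(parse_jboss_syslog(raw))
```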

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

http://kadirsert.blogspot.com.es/2012/05/sending-jboss-log4j-logs-to-remote.html

For troubleshooting, refer to the vendor documentation:

https://docs.jboss.org/jbportal/v2.2/user-guide/en/html/troubleshooting.html