How should I forward my logs to a collector like syslog-ng or Splunk?

• which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
  SonarQube: 7.4.0.18908 (Enterprise Edition)
  Scanner: SonarQube Scanner 3.2.0.1227
  Plugin: SonarQube Scanner for Jenkins 2.8.1

• what are you trying to achieve
  I am trying to get the logs (Main Process, Compute Engine, Search Engine, Web Server) into our log management system (Splunk Cloud).

• what have you tried so far to achieve this
  Searched for documentation on logging and log forwarding:

  • Found guidance on how to get the logs interactively. That works.
  • Found guidance on controlling the log level via sonar.properties. That works.
  • Here is the documentation I found: https://docs.sonarqube.org/latest/instance-administration/system-info/

  Went on the SonarQube server and found the logs in $SONARQUBE-HOME/logs/. This doesn’t appear to be documented.

I think the right approach is to configure a log collector to forward all *.log files in $SONARQUBE-HOME/logs/ to my log management system (Splunk Cloud).

How should I forward my logs to a collector like syslog-ng or Splunk?

Hey Alain,

My splunk knowledge is rusty and incomplete, and these are considerations fairly separate from the SonarQube platform itself, but isn’t this the general use-case for something like the Splunk Universal Forwarder?

Colin

It is. I can add the log files to an inputs.conf for Splunk Universal Forwarder.

I thought there might be a syslog option in Sonar itself that I was overlooking. It looks like it writes log files locally so those can be picked up by a log forwarder running on the Sonar server.

Thank you.