Logs are a record of events that occur during the operation of your servers that collect important information about the servers. You can use logs to help diagnose problems and understand the behavior of applications.
Open Liberty servers and applications produce various logs that can be used for different forms of analysis. These logs include the message log, trace log, first failure data capture (FFDC) logs, audit logs, and access logs:
Record errors, warnings, and general information as the server runs. These logs are the most common choice to help understand the general health of the server.
Provide details about the infrastructure of components or applications that run on the server. These logs can be enabled for specific components when problems arise.
Record information for specific exception conditions that include the details of the exception stack and dumps of objects from the server that relate to the cause of the exception.
Record events from the server that are important to assessing security issues and are useful for security analysis.
Record every HTTP request that is made to the server. These logs are useful for traffic analysis.
For more information, see JSON log events reference list
It is common to aggregate logs from all servers with log analysis tools so that the logs can be easily searched and analyzed. When logs are aggregated, you can use log analysis tools to determine which events occur in proximity to each other, which servers encounter the same problems, and when problems first occur.
Although you can configure log aggregation and analysis tools to understand different log file formats, a simpler method is to emit all logs from Open Liberty servers in JSON format. As JSON is a self-describing format, log analysis tools are typically able to consume JSON logs without the need for format-specific parsing instructions. Open Liberty can format its message log and console output in JSON format.
With Open Liberty, you can write your logs to the console in JSON format and rely on the server management system to automatically consume and parse console logs. This flexibility enables servers to run in different environments without modifying the server log configuration.
For more information, see JSON logging.
Open Liberty provides a Logstash collector feature that can send logs directly to a Logstash server. Logstash is a log aggregation tool. The feature collects message, trace, FFDC, audit, and access log events in your Open Liberty server at run time. Those events are then forwarded securely to the host and port where your Logstash server runs.
The Logstash collector is most convenient when your target log aggregator is Logstash, and when the environment your server runs in doesn’t automatically aggregate and forward log events.
For more information, see Forwarding logs and events to Logstash with Logstash collector.