How to forward Bitbucket Server's logging to syslog

The content on this page relates to platforms which are supported; however, the content is out of scope of our Atlassian Support Offerings. Consequently, Atlassian cannot guarantee support. Please be aware that this material is provided for your information only and you may use it at your own risk.

Purpose

Sometimes security teams require Bitbucket logs be appended to syslog or another service.

Solution

Bitbucket uses Logback from QOS. The configuration for Bitbucket's logging can be found in <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback.xml (for Bitbucket versions before 7.0) and <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback-spring.xml (for versions after Bitbucket 7.0). You can read more about configuring Bitbucket's logging in Configure Bitbucket Server Logging, and then configure an appender for either syslog or some other logging service. For more details on appenders, see Chapter 4: Appenders.

Here is a sample logback-spring configuration snippet that redirects the Bitbucket Server logs and access logs to syslog.

Warning: Append the syslog appender to the existing appenders in logback-spring.xml.

            <appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
                <syslogHost>127.0.0.1</syslogHost>
                <facility>USER</facility>
                <port>514</port>
                <suffixPattern>[%thread] %logger %msg</suffixPattern>
            </appender>

            <!-- Do not set levels here, only add appenders -->
            <root>
                <appender-ref ref="bitbucket.application"/>
                <appender-ref ref="SYSLOG"/>
            </root>

            <!-- Enable Atlassian Profiling and direct it to its own separate appender -->
            <logger name="com.atlassian.util.profiling" level="DEBUG" additivity="false">
                <appender-ref ref="bitbucket.profiler"/>
            </logger>

            <!-- Enable access logs and direct it to its own separate appender -->
            <logger name="bitbucket.access-log" level="INFO" additivity="false">
                <appender-ref ref="bitbucket.accesslog"/>
                <appender-ref ref="SYSLOG"/>
            </logger>

            <!-- Enable alert logs and direct it to its own separate appender -->
            <logger name="bitbucket.alert-log" level="INFO" additivity="false">
                <appender-ref ref="bitbucket.alertlog"/>
            </logger>

            <!-- Enable mail logs and direct it to its own separate appender -->
            <logger name="bitbucket.mail-log" level="INFO" additivity="false">
                <appender-ref ref="bitbucket.maillog"/>
            </logger>

Restart the instance for the changes to take effect.

Note: If you run into issues and need any assistance, please contact QOS support, as this is out of scope of Atlassian support.

Please note that this is unsupported and this change will have to be applied after each upgrade. Fixing any issues related to this change is outside the scope of our support offerings.
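To confirm that events reach the collector with the facility and layout configured above, the following added example (not part of the original article, Bitbucket or Logback) parses captured syslog datagrams against the `[%thread] %logger %msg` suffix pattern and flags anything that does not match. The sample datagrams, the host name `bb01` and the logger `com.example.Component` are constructed, and the `<PRI>timestamp host` prefix is assumed to follow the BSD syslog convention.

```python
import re
from collections import Counter

# Standard syslog code tables; PRI = facility * 8 + severity.
FACILITIES = ("KERN USER MAIL DAEMON AUTH SYSLOG LPR NEWS UUCP CRON AUTHPRIV FTP "
              "NTP AUDIT ALERT CLOCK LOCAL0 LOCAL1 LOCAL2 LOCAL3 LOCAL4 LOCAL5 "
              "LOCAL6 LOCAL7").split()
SEVERITIES = "EMERG ALERT CRIT ERR WARNING NOTICE INFO DEBUG".split()

# Assumed layout: <PRI>Mon dd HH:mm:ss host, followed by the page's
# suffixPattern "[%thread] %logger %msg".
LINE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) \[(?P<thread>[^\]]*)\] (?P<logger>\S+) (?P<msg>.*)$",
    re.DOTALL,
)

def parse_datagram(data: bytes) -> dict:
    """Split one syslog datagram into its fields; raise ValueError if malformed."""
    m = LINE.match(data.decode("utf-8", errors="replace"))
    if m is None:
        raise ValueError("unexpected layout")
    facility, severity = divmod(int(m["pri"]), 8)
    if facility >= len(FACILITIES):
        raise ValueError("PRI out of range")
    return {**m.groupdict(), "facility": FACILITIES[facility],
            "severity": SEVERITIES[severity]}

def audit(datagrams, expected_facility="USER"):
    """Count events per logger and list datagrams that do not match the config."""
    loggers, problems = Counter(), []
    for raw in datagrams:
        try:
            event = parse_datagram(raw)
        except ValueError as exc:
            problems.append((raw, str(exc)))
            continue
        if event["facility"] != expected_facility:
            problems.append((raw, "facility " + event["facility"]))
            continue
        loggers[event["logger"]] += 1
    return loggers, problems

# Constructed sample datagrams (host, thread and message text are made up).
SAMPLES = [
    b"<14>Aug 26 10:15:02 bb01 [http-nio-7990-exec-3] bitbucket.access-log constructed access entry",
    b"<11>Aug  6 10:15:03 bb01 [main] com.example.Component constructed error text",
    b"<134>Aug 26 10:15:04 bb01 [main] com.example.Component sent with LOCAL0",
    b"not a syslog line",
]
```

A zero count for `bitbucket.access-log` in the result of `audit` means the access-log logger is missing its `SYSLOG` appender-ref.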




Last modified on Aug 26, 2021
