How to forward Bitbucket Server's logging to syslog
The content on this page relates to platforms which are supported; however, the content is out of scope of our Atlassian Support Offerings. Consequently, Atlassian cannot guarantee support. Please be aware that this material is provided for your information only and you may use it at your own risk.
Purpose
Sometimes security teams require Bitbucket logs be appended to syslog or another service.
Environment
Applicable for Bitbucket server versions below 7.0
Solution
Bitbucket uses LogBack from QOS. The configuration for Bitbucket's logging can be found in <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback.xml (for Bitbucket versions before 7.0) and <BITBUCKET SERVER INSTALLATION-DIRECTORY>/app/WEB-INF/classes/logback-spring.xml (for versions after Bitbucket 7.0). You can read more about configuring Bitbucket's logging in Configure Bitbucket Data Center Logging and configure an appender for either SysLog or some other logging service. For more details, you can read about that in Chapter 4: Appenders.
Here is the sample logback-spring configuration snippet to redirect Bitbucket server logs and access logs to SYSLOG.
Append syslog appender to the existing appenders in logback-spring.xml
<appender name="SYSLOG" class="ch.qos.logback.classic.net.SyslogAppender">
<syslogHost>127.0.0.1</syslogHost>
<facility>USER</facility>
<port>514</port>
<suffixPattern>[%thread] %logger %msg</suffixPattern>
</appender>
<!-- Do not set levels here, only add appenders -->
<root>
<appender-ref ref="bitbucket.application"/>
<appender-ref ref="SYSLOG"/>
</root>
<!-- Enable Atlassian Profiling and direct it to its own separate appender -->
<logger name="com.atlassian.util.profiling" level="DEBUG" additivity="false">
<appender-ref ref="bitbucket.profiler"/>
</logger>
<!-- Enable access logs and direct it to its own separate appender -->
<logger name="bitbucket.access-log" level="INFO" additivity="false">
<appender-ref ref="bitbucket.accesslog"/>
<appender-ref ref="SYSLOG"/>
</logger>
<!-- Enable alert logs and direct it to its own separate appender -->
<logger name="bitbucket.alert-log" level="INFO" additivity="false">
<appender-ref ref="bitbucket.alertlog"/>
</logger>
<!-- Enable mail logs and direct it to its own separate appender -->
<logger name="bitbucket.mail-log" level="INFO" additivity="false">
<appender-ref ref="bitbucket.maillog"/>
</logger>
Restart the instance to get the changes into effect.
If you run into issues and need any assistance, please contact the QOS support as this is out of scope of Atlassian support
Please note that this is unsupported and this change will have to applied after each upgrade. Fixing any issues related to this change are outside the scope of our support offerings.