Open Source Tomcat Log Viewer: Centralized Monitoring with Syntax Highlighting and Alerting for Java Applications


2 views

Managing 30-35 Tomcat instances means dealing with massive log volumes across multiple servers. The default approach of tailing individual catalina.out files becomes impractical at scale. We need a solution that provides:

  • Centralized log aggregation
  • Visual differentiation of log severity
  • Structured view of Java stack traces
  • Proactive alerting capabilities

While the ELK (Elasticsearch, Logstash, Kibana) stack is powerful, it requires significant setup and maintenance overhead. For Java-focused teams, a lighter solution like Graylog or the following alternatives may be more appropriate:


// Sample logback.xml configuration for Graylog
<appender name="GELF" class="de.siegmar.logbackgelf.GelfUdpAppender">
    <graylogHost>192.168.1.100</graylogHost>
    <graylogPort>12201</graylogPort>
    <maxChunkSize>508</maxChunkSize>
    <useCompression>true</useCompression>
    <encoder class="de.siegmar.logbackgelf.GelfEncoder">
        <originHost>${HOSTNAME}</originHost>
        <includeRawMessage>false</includeRawMessage>
        <includeMarker>true</includeMarker>
        <includeMdcData>true</includeMdcData>
    </encoder>
</appender>

For teams needing Java-specific features like stack trace visualization, consider these options:

1. LogMX (Free Edition)

Provides excellent Java exception parsing with collapsible stack traces. Configuration example:


# In tomcat/conf/logging.properties
handlers = org.apache.juli.FileHandler, com.lightysoft.logmx.LogMXHandler
com.lightysoft.logmx.LogMXHandler.level = FINE

2. OtrosLogViewer

Open-source option with syntax highlighting rules defined in XML:


<highlight>
    <pattern>ERROR</pattern>
    <bgColor>#FFCCCC</bgColor>
    <fgColor>#000000</fgColor>
</highlight>

For custom alerting, combine tools like:

  • Swatch: Simple Perl-based pattern watcher
  • Logcheck: Send alerts via email
  • Custom solution using Java's WatchService API

Example WatchService implementation:


Path dir = Paths.get("/var/log/tomcat");
WatchService watcher = FileSystems.getDefault().newWatchService();
dir.register(watcher, ENTRY_MODIFY);

while (true) {
    WatchKey key = watcher.take();
    for (WatchEvent<?> event : key.pollEvents()) {
        if (event.kind() == ENTRY_MODIFY) {
            Path changed = (Path)event.context();
            if (changed.toString().endsWith(".log")) {
                checkForErrors(changed);
            }
        }
    }
    key.reset();
}

For centralized viewing, consider these transport methods:

Method Pros Cons
rsyslog Lightweight Limited parsing
Filebeat ELK integration Additional service
Custom TCP Full control Maintenance overhead

When managing 30-35 Tomcat instances, traditional log analysis methods become inefficient. The need for centralized log viewing with advanced features like syntax highlighting and exception visualization is critical for production environments.

Here are the most robust open-source tools for Tomcat log management:

1. Graylog (Recommended)

While not Tomcat-specific, Graylog excels at centralized log management. Example configuration for Tomcat:


# In logging.properties
handlers = org.graylog2.log4j.GelfAppender

log4j.appender.gelf=org.graylog2.log4j.GelfAppender
log4j.appender.gelf.graylogHost=127.0.0.1
log4j.appender.gelf.graylogPort=12201

2. Logstash + Kibana (ELK Stack)

The ELK stack provides excellent syntax highlighting and pattern matching. Sample Logstash config:


input {
  file {
    path => "/var/log/tomcat/*.log"
    type => "tomcat"
  }
}

filter {
  grok {
    match => { "message" => "%{TOMCATLOG}" }
  }
}

3. Apache Chainsaw

A dedicated Tomcat log viewer with tree-style exception display. Chainsaw's VFSLogFilePatternReceiver can parse catalina.out:


<log4j:configuration>
  <plugin name="LogFilePatternReceiver" 
          class="org.apache.log4j.net.VFSLogFilePatternReceiver">
    <param name="fileURL" value="file:/var/log/tomcat/catalina.out"/>
    <param name="timestampFormat" value="yyyy-MM-dd HH:mm:ss,SSS"/>
  </plugin>
</log4j:configuration>

For custom alerting, consider these approaches:

Logback with SMTPAppender


<appender name="EMAIL" class="ch.qos.logback.classic.net.SMTPAppender">
  <smtpHost>SMTP_SERVER</smtpHost>
  <to>admin@domain.com</to>
  <from>alerts@domain.com</from>
  <subject>Tomcat Error: %m</subject>
  <layout class="ch.qos.logback.classic.PatternLayout">
    <pattern>%d %-5level [%thread] %logger: %msg%n</pattern>
  </layout>
  <evaluator class="ch.qos.logback.classic.boolex.OnErrorEvaluator"/>
</appender>

Custom Script for Pattern Matching

A Python watchdog script for critical patterns:


import re
from watchdog.observers import Observer
from watchdog.events import FileSystemEventHandler

class LogHandler(FileSystemEventHandler):
    def on_modified(self, event):
        with open(event.src_path) as f:
            for line in f:
                if re.search('SEVERE|CRITICAL|OutOfMemory', line):
                    send_alert(line)
                    
observer = Observer()
observer.schedule(LogHandler(), path='/var/log/tomcat/')
observer.start()

When centralizing 30+ Tomcat instances:

  • Use log rotation (log4j's RollingFileAppender)
  • Implement proper log retention policies
  • Consider network bandwidth for remote logging
  • Use asynchronous logging (AsyncAppender) to minimize impact