Skip to main content
Jamf Nation, hosted by Jamf, is a knowledgeable community of Apple-focused admins and Jamf users. If you like what you see, join us in person at the ninth annual Jamf Nation User Conference (JNUC) this October for three days of learning, laughter and IT love.

Integrating with Graylog


You can integrate an on-premise Jamf Pro server (formerly JSS) instance with Graylog, a log management solution. This integration allows you to view, search, and create dashboards of Jamf Pro log information.

Note: This article assumes you already have a Graylog environment configured. If you have not configured a Graylog environment, do so before following the procedure below. For more information, see


Before integrating your Jamf Pro server with Graylog, a Graylog Extended Log Format (GELF) UDP Input must be configured to receive log information from Jamf Pro.

To configure Graylog to receive log information from Jamf Pro:

  1. Log in to your Graylog environment.
  2. Select "Inputs" from the System pop-up menu found at the top of the screen.
  3. Select "GELF UDP" from the Select Input pop-up menu, and then click Launch new input.
  4. Configure the settings on the pane. Note: The port you specify must match the port specified in the file found within the Tomcat WEB-INF/classes directory.
  5. Click Save.

Graylog is now configured to accept incoming log information from Jamf Pro.

To integrate the Jamf Pro server with Graylog:

  1. Download the gelfj.jar file found here:
  2. Download the simple-json-1.1.1.jar file found here:
  3. Add the gelfj.jar and the simple-json-1.1.1.jar files to the Tomcat WEB-INF/lib directory. Note: The location of the Tomcat WEB-INF/lib directory varies depending on the platform and the way you installed Jamf Pro. Common locations for the directory are listed below.

If you used the Jamf Pro Installer to install Jamf Pro, the directory is located at:
- Mac: /Library/JSS/Tomcat/webapps/ROOT/WEB-INF/lib
- Linux: /var/local/JSS/Tomcat/webapps/ROOT/WEB-INF/lib
- Windows: C:\Program Files\JSS\Tomcat\webapps\ROOT\WEB-INF\lib

If you did not use the Jamf Pro installer to install Jamf Pro, the directory is located at:
- Mac: /Library/Tomcat/webapps/ROOT/WEB-INF/lib
- Linux: /var/lib/Tomcat/webapps/ROOT/WEB-INF/lib
- Windows: C:\Program Files\Apache Tomcat7\webapps\ROOT\WEB-INF\lib
4. Navigate to the Tomcat WEB-INF/classes directory and add the following information to the file:

#Define the graylog2 destination
#Can be set to any log4j level (e.g.. INFO, DEBUG, ERROR, WARN, NONE)
log4j.appender.graylog2.Threshold = DEBUG
#Edit graylogHost value to match the IP address of your Graylog server
#The originHost line is optional
#The additionalFields can be edited or removed
log4j.appender.graylog2.additionalFields={'environment': 'DEV', 'application': 'Jamf Pro'}

5. Change “log4rootlogger=INFO,JAMF” to “log4rootlogger=INFO,JAMF,graylog2
6. Save the changes you made to the file.

Note: It is recommended that you save a copy of the modified file in a location other than the Tomcat webapps ROOT directory. When upgrading Jamf Pro, changes made to the file are overwritten. Saving a copy of the modified file allows you to easily reinstate your changes after an upgrade.
7. Restart Tomcat.
See Starting and Stopping Tomcat for instructions.

You can now use Graylog to view the log information from your Jamf Pro server.

Note: If you have a clustered environment, you must configure each instance of the Jamf Pro web application separately if you wish to integrate each instance with Graylog.

Additional Information

For additional information about Graylog, visit the following webpage:

Like Comment
SOLVED Posted: by nstrauss

Instructions worked perfectly for me. Wanted to comment you can also send JSSAccess.log and JAMFChangeManagement.log data to Graylog by adding graylog2 like below...,JAMFCMFILE,graylog2,JAMFCMSYSLOG,graylog2,JSSACCESSLOG,graylog2

Otherwise the instructions provided will only send JAMFSoftwareServer.log data.