Forwarding logs to a remote syslog server

Configure the appliance to forward the contents of specific log files to a remote syslog server.

About this task

The preferred logging approach for the appliance is to send the logs to an external server. This approach can also meet certain compliance requirements.

When the remote syslog forwarding capability is enabled, it monitors the local log files and forwards new log entries from specific log files to a remote syslog server as they are written.

Note:
  • Each line in the appliance standard log file is treated as a separate remote syslog message.
  • All messages from a single log file are sent to the remote syslog server using the same facility and severity, as specified in the configuration.
  • The rsyslog forwarding mechanism implements LF-based framing: each forwarded message is terminated by a line feed character.
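
The following added example (not part of the product documentation) shows what these notes mean on the receiving side: LF-terminated frames are reassembled from stream chunks, a two-line log entry arrives as two separate messages, and every message carries the same PRI value. The BSD-style message layout, the tag mytag, the facility and severity values, and all sample data are constructed assumptions.

```python
import re

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"<(\d{1,3})>")


class LFFramer:
    """Reassembles LF-delimited syslog frames from arbitrary stream chunks."""

    def __init__(self, max_frame=8192):
        self.buf = b""
        self.max_frame = max_frame

    def feed(self, chunk):
        """Return the complete frames seen so far; keep a partial tail buffered."""
        self.buf += chunk
        *frames, self.buf = self.buf.split(b"\n")
        if len(self.buf) > self.max_frame:
            # No LF within the limit: discard instead of buffering without bound.
            self.buf = b""
            raise ValueError("frame exceeds max_frame without LF terminator")
        return [f.rstrip(b"\r") for f in frames if f]


def decode_pri(frame):
    """Return (facility, severity name, text); PRI = facility * 8 + severity."""
    m = PRI_RE.match(frame)
    if not m or int(m.group(1)) > 191:
        raise ValueError("missing or invalid PRI")
    facility, severity = divmod(int(m.group(1)), 8)
    return facility, SEVERITIES[severity], frame[m.end():].decode("utf-8", "replace")


def receive(chunks):
    """Decode every complete message contained in a sequence of stream chunks."""
    framer = LFFramer()
    return [decode_pri(f) for c in chunks for f in framer.feed(c)]


# Constructed sample: a two-line log entry followed by a one-line entry, sent
# with facility local0 (16) and severity info (6), so PRI is 134 on every line.
# Chunk boundaries deliberately do not align with message boundaries.
SAMPLE_CHUNKS = [
    b"<134>Jan 12 10:00:01 appliance mytag: request failed\n<134>Jan 12 10:0",
    b"0:01 appliance mytag:   caused by: timeout\n<134>Jan 12 10:00:02 appl",
    b"iance mytag: recovered\n",
]
```

Because the severity in the PRI field is fixed per log source, alerting rules on the collector need to match on the message text or tag instead of on severity.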

Procedure

  1. Click Monitor > Logs > Remote Syslog Forwarding.
  2. Configure the remote syslog server settings as needed.
    Adding a remote syslog server definition
    1. Click Add.
    2. Specify the details for the remote syslog server.
      Server
      The IP address or hostname of the remote syslog server to which messages are to be forwarded.
      Port
      The port on which the remote syslog server is listening for requests.
      Debug
      If selected, additional debug information will be included in the log file for the remote syslog forwarder process. The log file can be accessed from the rsyslog_forwarder directory of the Viewing application log files page.
      Protocol
      The protocol which will be used to communicate with the remote syslog server.
      Format
      The format of syslog messages which are forwarded to the remote syslog server.
    3. Click Save.
    Specifying the log sources for a remote log server
    1. Select the remote syslog server to send logs to.
    2. Click Sources.
    3. Click Add to add a log source.
    4. Specify the details for the log source and then click OK.
      Name
      Name of the log source.
      Instance Name
      Name of the instance that the source log file belongs to. This field is available only if WebSEAL or Azn_Server is selected in the Name field.
      Log file
      Name of the source log file. This field is available only if WebSEAL or Azn_Server is selected in the Name field.
      Tag
      The tag to add to the sent log entries.
      Facility
      The facility with which to send the log entries to the remote server. All messages will be sent with the specified facility code. The available codes can be found at: https://en.wikipedia.org/wiki/Syslog#Facility
      Severity
      The severity of the sent log entries. All messages will be sent with the specified severity level.
      Note: The values are not saved on the server side until you click Save in step 6.
    5. If you want to add multiple log sources, repeat the previous two steps.
    6. Click Save.