Configure the appliance to forward the contents of specific log files to a
remote syslog server.
About this task
The preferred logging approach for the appliance is to send the logs to an
external server. This approach can also meet certain compliance requirements.
When the remote syslog forwarding capability is enabled, it monitors local log
files and forwards log entries from specific log files to a remote syslog server when new log
entries are written in the local log files.
Note:
- Each line in the appliance standard log file is treated as a separate remote syslog
message.
- All messages from a single log file are sent to the remote syslog server using the
same facility and severity, as specified in the configuration.
- The
rsyslog
forwarding mechanism implements LF based
framing.
Procedure
-
Click .
-
Configure the remote syslog server settings as needed.
- Adding a remote syslog server definition
-
- Click Add.
- Specify the details for the remote syslog server.
- Server
- The IP address or hostname of the remote syslog server to which messages are to be
forwarded.
- Port
- The port on which the remote syslog server is listening for requests.
- Debug
- If selected, additional debug information will be included in the log file for the remote syslog
forwarder process. The log file can be accessed from the rsyslog_forwarder
directory of the Viewing application log files
page.
- Protocol
- The protocol which will be used to communicate with the remote syslog server.
- Format
- The format of syslog messages which are forwarded to the remote syslog server.
- Click Save.
- Specifying the log sources for a remote log server
-
- Select the remote syslog server to send logs to.
- Click Sources.
- Click Add to add a log source.
- Specify the details for the log source and then click
OK.
- Name
- Name of the log source.
- Instance Name
- Name of the instance that the source log file belongs to. This field is available only if
WebSEAL or Azn_Server is selected in the
Name field.
- Log file
- Name of the source log file. This field is available only if WebSEAL or
Azn_Server is selected in the Name field.
- Tag
- The tag to add to the sent log entries.
- Facility
- The facility with which to send the log entries to the remote server. All
messages will be sent with the specified facility code. The available codes can be found at:
https://en.wikipedia.org/wiki/Syslog#Facility
- Severity
- The severity of the sent log entries. All messages will be sent with the
specified severity level.
Note: The values are not saved on the server side until you click Save
in Step f.
- If you want to add multiple log sources, repeat the previous two steps
- Click Save.