IBM Performance Management

Enabling syslog

If you want the DataPower® agent to monitor the system logs of the DataPower Appliance, in addition to setting up the syslog on the appliance, you must also enable syslog on the computer that hosts the DataPower agent.

Before you begin

If the DataPower agent is installed on a Windows operating system, you must first install a system log daemon on the computer to collect the system logs. Alternatively, you can save the system log files on a shared disk and ensure that the agent has the authority to read the system log files on that disk.

Procedure

To enable syslog, depending on the operating system that hosts the DataPower agent, complete one of the following procedures:

On Red Hat Enterprise Linux 6, to open the syslog.conf file, run the vi /etc/syslog.conf command.
1. Append the Syslog_fac.* /var/log/filename command to the end of the syslog.conf file and save it. Syslog_fac is the syslog facility and file name is the name of the file where you save the syslog.
2. To open the syslog.conf file, run the vi /etc/syslog.conf command.
3. Change the value of the SYSLOGD_OPTIONS parameter to the following value: SYSLOGD_OPTIONS = "-m 0 -r"
  Note: Depending on the Linux distribution, this variable might also be named SYSLOGD_PARAMS.
4. To restart the syslog server, run the service syslog restart command.
On SUSE Linux Enterprise Server 11, to enable syslog-ng, complete the following steps:
1. To open the syslog file, run the vi /etc/sysconfig/syslog command.
2. Verify that the value of the SYSLOG_DAEMON parameter is syslog-ng.
3. In the syslog-ng.conf file, append the following line to the definition of the src source:
```
tcp(ip("ip_address") port(port_number) keep-alive(yes)); 
```
  Where ip_address is the IP address of the computer that hosts the DataPower agent and port_number is the port number that is used for receiving syslog-ng messages.
4. To filter messages from the DataPower appliances, in the syslog-ng.conf file, create a filter. For example, the
```
filter f_dp {level(debug..emerg) and facility(user);}; 
```
  filter statement defines a filter that accepts messages from the debug level to the emergency level that specify the user as the syslog facility.
5. In the syslog-ng.conf file, use a destination statement to define where the messages are written as shown in the following example:
```
destination dplog {file("/var/log/dpsyslog.log");};
```
  This destination statement specifies that messages are written to the dpsyslog.log file in the /var/log directory.
6. In the syslog-ng.conf file, use a log statement to connect sources and destinations. For example, the
```
log {source(src);filter(f_dp);destination(dplog);};
```
  log statement connects the src source and the dplog destination.
7. Save the syslog-ng.conf file.
8. To restart the syslog server, run the /etc/init.d/syslog restart command.