Writing audit log data to a syslog target

You can write audit log data to a syslog target, as shown in the following example.

To configure a syslog log target:
  1. Start the IBM® MQ Appliance web UI and click the Administration icon .
  2. Select Miscellaneous > Manage log targets.
  3. Click New.
  4. Specify a name for the log target, for example, "Logstash_target".
  5. In the General Configuration section, complete the following steps:
    1. Specify a Target Type of Syslog to send log events over UDP, or select Syslog-tcp to send log events over TCP.
    2. Select the user syslog facility.
  6. In the Source Configuration section, complete the following steps:
    1. Specify the IP address of the interface over which the syslog events are transmitted to the remote recipient.
    2. Specify a Local Identifier to help you identify log entries sent to syslog. For example, you could specify the system name of the appliance.
  7. In the Destination Configuration section, specify the IP address of the target syslog server, and optionally specify the port number (if you do not specify a port number, the default UDP port 514 or the default TCP port 25 is used).
  8. Scroll down and open the Event Subscriptions section and complete the following steps:
    1. Click Add.
    2. Select an Event Category of audit.
    If you want to write the CLI log to the syslog target too, add another event subscription, and choose an Event Category of cli.
  9. Click Apply, and when the window closes, click Save changes.