Forwarding logs to a remote syslog server
Configure the appliance to forward the contents of specific log files to a remote syslog server.
About this task
The preferred logging approach for the appliance is to send the logs to an external server. This approach can also meet certain compliance requirements.
When the remote syslog forwarding capability is enabled, it monitors local log files and forwards log entries from specific log files to a remote syslog server when new log entries are written in the local log files.
- Each line in the appliance standard log file is treated as a separate remote syslog message.
- All messages from a single log file are sent to the remote syslog server using the same facility and severity, as specified in the configuration.
rsyslogforwarding mechanism implements LF based framing.
- Click .
Configure the remote syslog server settings as needed.
- Adding a remote syslog server definition
- Click Add.
- Specify the details for the remote syslog server.
- The IP address or hostname of the remote syslog server to which messages are to be forwarded.
- The port on which the remote syslog server is listening for requests.
- If selected, additional debug information will be included in the log file for the remote syslog forwarder process. The log file can be accessed from the rsyslog_forwarder directory of the Viewing application log files page.
- The protocol which will be used to communicate with the remote syslog server.
- The format of syslog messages which are forwarded to the remote syslog server.
- Click Save.
- Specifying the log sources for a remote log server
- Select the remote syslog server to send logs to.
- Click Sources.
- Click Add to add a log source.
- Specify the details for the log source and then click
Note: The values are not saved on the server side until you click Save in Step f.
- Name of the log source.
- Instance Name
- Name of the instance that the source log file belongs to. This field is available only if WebSEAL or Azn_Server is selected in the Name field.
- Log file
- Name of the source log file. This field is available only if WebSEAL or Azn_Server is selected in the Name field.
- The tag to add to the sent log entries.
- The facility with which to send the log entries to the remote server. All messages will be sent with the specified facility code. The available codes can be found at: https://en.wikipedia.org/wiki/Syslog#Facility
- The severity of the sent log entries. All messages will be sent with the specified severity level.
- If you want to add multiple log sources, repeat the previous two steps
- Click Save.