Sending WebSphere DataPower XC10 Appliance log records to a remote UNIX system with syslog

You can enable remote logging to send log entries to a remote server. Remote logging can be helpful for saving information for auditing purposes.

Before you begin

  • Appliance administration permission is required.
  • Refer to your own operating system documentation for specific instructions on how to set up a syslog daemon and receive syslog records.
  • WebSphere® DataPower® XC10 Appliance supports the syslog protocol RFC 3164.
  • Log records are sent with the User Datagram Protocol (UDP) and are therefore fire-and-forget: as with any UDP traffic, message delivery is not guaranteed.
  • Note which container server processes are subject to being logged and sent to the remote system on the WebSphere DataPower XC10 Appliance:
    • cs
    • xsServer00-xsServerXY: Where XY represents the number of container processes on the appliance.
    • xsa.admin
    When remote logging is enabled, all the processes are subject to being sent to a syslogd. When remote logging is disabled, none of the processes are sent to a syslogd. If one of the processes is down or temporarily unavailable, then logging continues on the processes that are still active. If you suspect issues with syslog on WebSphere DataPower XC10 Appliance and must troubleshoot, you can add a tracing level of SYSLOG=all in the appliance user interface.

About this task

Use remote logging for long-term archival of logged events. Your WebSphere DataPower XC10 Appliance keeps log records in a limited number of log files, for a limited amount of time, to save space. Configure and enable remote logging on WebSphere DataPower XC10 Appliance to archive the log records for a longer time or to analyze archived log records beyond the log expiration date.

Procedure

  1. In the appliance user interface, click Appliance > Troubleshooting > Logging.
  2. In the Configure remote logging section, select Enable remote logging. This setting enables remote logging for analysis of historical data. You must have a syslogd server available to listen for and capture events. Specify the following settings:
    1. Remote host: Specifies the host name or IP address of the remote syslogd server to which you want to send log records. The value cannot be "localhost," "locahost-v6," "127.0.0.1," or "::1". Ensure that you can ping the host or IP address from the appliance.
    2. Remote port: Specifies the port number of the syslogd server to which you want to send log records. Valid values are 0-65535, and the default value is 512.
    3. Threshold: Specifies the threshold of the severity of messages that you want to send to the remote logging server. To send both warning and severe messages, enter a value of WARNING. To send severe messages only, select SEVERE.
    4. Syslog facility: Specifies the syslog logging facility that is used to send log messages. This setting determines the file in which the syslog daemon that is running on the remote system places the log message. For example, if you set the facility to user, then most syslog daemons store the message in a /var/log/user.log file. If you select mail, the syslog daemon stores the message in the /var/log/mail.log file. The destination of your log records depends on how you configured the syslog daemon. For information about syslogd configuration, refer to the instructions for your operating system.
    To edit the settings, click Apply changes. Changes are applied to all processes that are subject to syslog messages.

Results

Appliance log records are sent to your configured remote logging server for archival and analysis.
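
To confirm on the remote UNIX system that records arrive and carry the facility you selected, you can decode the RFC 3164 priority value of each datagram before relying on the syslog daemon's routing rules. The following is an added example, not part of the IBM documentation; the script name, the port argument and the sample record in the comment are assumptions made for illustration.

```python
import re
import socket
import sys

# Facility and severity keywords by numeric code (RFC 3164, section 4.1.1).
FACILITIES = ("kern user mail daemon auth syslog lpr news uucp cron authpriv "
              "ftp ntp audit alert clock local0 local1 local2 local3 local4 "
              "local5 local6 local7").split()
SEVERITIES = "emerg alert crit err warning notice info debug".split()

PRI_RE = re.compile(rb"<(\d{1,3})>")
HEADER_RE = re.compile(r"([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)", re.S)


def parse_record(datagram: bytes) -> dict:
    """Decode one RFC 3164 datagram into facility, severity, host and message.

    Constructed sample: b"<14>Oct 11 22:14:15 xc10-host xsServer00: text"
    """
    pri = PRI_RE.match(datagram)
    if not pri or int(pri.group(1)) > 191:  # 23 * 8 + 7 is the largest valid PRI
        raise ValueError("missing or out-of-range PRI")
    facility, severity = divmod(int(pri.group(1)), 8)  # PRI = facility * 8 + severity
    rest = datagram[pri.end():].decode("utf-8", errors="replace")
    header = HEADER_RE.match(rest)
    # A sender may omit the timestamp/host header; keep the text either way.
    timestamp, host, msg = header.groups() if header else (None, None, rest)
    return {"facility": FACILITIES[facility], "severity": SEVERITIES[severity],
            "timestamp": timestamp, "host": host, "msg": msg.rstrip("\n")}


def listen(bind_addr: str, port: int) -> None:
    """Print every datagram received; UDP gives no delivery guarantee."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, port))
        while True:
            data, (src, _) = sock.recvfrom(2048)
            try:
                rec = parse_record(data)
            except ValueError as exc:
                print(f"{src}: rejected ({exc})")
                continue
            # repr() keeps control characters in untrusted text off the terminal.
            print(f"{src} {rec['facility']}.{rec['severity']} {rec['msg']!r}")


if __name__ == "__main__":
    # Usage: python3 syslog_check.py <port>  (ports below 1024 need root)
    listen("0.0.0.0", int(sys.argv[1]))
```

Run it on the port that you entered as Remote port while the system's own syslog daemon is not bound to that port. Because UDP has no sender authentication, restrict the port with a host firewall to the appliance address.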