CA API Portal EE 4.2.x logging to Syslog

Article Id: 103370
Status: Published
Updated On: 26-06-2018 21:08
Products:
CA API Developer Portal CA API Gateway
Issue/Introduction:

The CA API Portal EE 4.2.x is Docker affiliated and thus its logging is based on the Docker configuration.
By default when using the CA API Portal EE 4.2.x OVA, the Docker service is configured to write its data into the OS journal log.

Environment:

Release:
Component: APIPRD

Resolution:

To configure the CA API Portal EE 4.2.x to write its Docker events to a remote Syslog Server such as SPLUNK, one can follow the below example:

Edit the /etc/docker/daemon.json file.

The default file when using the CA API Portal EE 4.2.x is as below:

<Please see attached file for image>

default /etc/docker/daemon.json file

Now update that file to direct the Docker events to your remote Syslog Server, for example:

<Please see attached file for image>

/etc/docker/daemon.json configured to send to remote syslog server.

Update your firewall rules to allow communication via the syslog port you configured:

- First locate the correct zone on which your firewall is configured for:

./firewall-cmd --get-active-zones

In this example we update the 'drop' zone and the configuration is as follows:

./firewall-cmd --zone=drop --add-port=8089/tcp --permanent
./firewall-cmd --reload

Now, restart the Docker service by running:

./sudo systemctl restart docker

And verify that your remote Syslog Server is showing the Docker events.
 

insert_drive_file 1558700536792000103370_sktwi1f5rjvs16k6f.png
arrow_downward Download
insert_drive_file 1558700534733000103370_sktwi1f5rjvs16k6e.png
arrow_downward Download