To configure CA API Portal EE 4.2.x to write its Docker events to a remote syslog server such as Splunk, follow the example below:
Edit the /etc/docker/daemon.json file.
The default file when using the CA API Portal EE 4.2.x is as below:
Now update that file to direct the Docker events to your remote Syslog Server, for example:
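Added example (not from the original article or the product documentation): a Python helper that merges the Docker syslog log driver settings into an existing daemon.json without dropping its other keys, and refuses input that would leave dockerd with a file it cannot load. The sample file contents and the host syslog.example.com are constructed placeholders; port 8089/tcp is the one opened in the firewall step of this article.

```python
import json
from urllib.parse import urlparse

# Constructed stand-in for an existing daemon.json (not the Portal's default file).
SAMPLE_EXISTING = """{
  "storage-driver": "overlay2",
  "log-driver": "json-file",
  "log-opts": {"max-size": "10m"}
}"""

# Network transports the Docker syslog log driver accepts in "syslog-address".
NETWORK_SCHEMES = {"udp", "tcp", "tcp+tls"}


def add_syslog_driver(daemon_json_text, address, ca_cert=None):
    """Return daemon.json text with the syslog log driver merged in.

    Raises ValueError instead of producing a file dockerd would reject.
    """
    try:
        config = json.loads(daemon_json_text or "{}")
    except json.JSONDecodeError as exc:
        raise ValueError(f"existing daemon.json is not valid JSON: {exc}")
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")

    url = urlparse(address)
    if url.scheme not in NETWORK_SCHEMES or not url.hostname or url.port is None:
        raise ValueError("address must look like tcp://host:port")
    if ca_cert and url.scheme != "tcp+tls":
        raise ValueError("a CA certificate only applies to tcp+tls://")

    # Options of another driver (e.g. json-file's max-size) are unknown to the
    # syslog driver, so keep existing log-opts only if syslog was already set.
    opts = dict(config.get("log-opts", {})) if config.get("log-driver") == "syslog" else {}
    opts["syslog-address"] = address
    if ca_cert:
        opts["syslog-tls-ca-cert"] = ca_cert
    config["log-driver"] = "syslog"
    config["log-opts"] = opts
    return json.dumps(config, indent=2) + "\n"


if __name__ == "__main__":
    # Hypothetical collector host; 8089/tcp matches the firewall rule on this page.
    print(add_syslog_driver(SAMPLE_EXISTING, "tcp://syslog.example.com:8089"), end="")
```

With a plain tcp:// address the log lines cross the network unencrypted; passing a tcp+tls:// address together with a CA certificate path makes the helper emit syslog-tls-ca-cert as well.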
Update your firewall rules to allow communication via the syslog port you configured:
- First, locate the zone your firewall is configured for:
In this example we update the 'drop' zone and the configuration is as follows:
firewall-cmd --zone=drop --add-port=8089/tcp --permanent
Now, restart the Docker service by running:
sudo systemctl restart docker
And verify that your remote Syslog Server is showing the Docker events.