CA API Portal EE 4.2.x logging to Syslog

book

Article ID: 103370

calendar_today

Updated On:

Products

CA API Developer Portal CA API Gateway

Issue/Introduction

The CA API Portal EE 4.2.x is Docker affiliated and thus its logging is based on the Docker configuration.
By default when using the CA API Portal EE 4.2.x OVA, the Docker service is configured to write its data into the OS journal log.

Environment

Release: 4.X
Component: APIPRD

Resolution

To configure the CA API Portal EE 4.2.x to write its Docker events to a remote Syslog Server such as SPLUNK, one can follow the below example:

Edit the /etc/docker/daemon.json file.

The default file when using the CA API Portal EE 4.2.x is as below:



Now update that file to direct the Docker events to your remote Syslog Server, for example:



Update your firewall rules to allow communication via the syslog port you configured:

- First locate the correct zone on which your firewall is configured for:

./firewall-cmd --get-active-zones

In this example we update the 'drop' zone and the configuration is as follows:

./firewall-cmd --zone=drop --add-port=8089/tcp --permanent
./firewall-cmd --reload


Now, restart the Docker service by running:

./sudo systemctl restart docker

And verify that your remote Syslog Server is showing the Docker events.
 

Attachments