To configure the CA API Portal EE 4.2.x to write its Docker events to a remote Syslog Server such as SPLUNK, one can follow the below example:

Edit the /etc/docker/daemon.json file.

The default file when using the CA API Portal EE 4.2.x is as below:

Now update that file to direct the Docker events to your remote Syslog Server, for example:

Update your firewall rules to allow communication via the syslog port you configured:

- First locate the correct zone on which your firewall is configured for:

./firewall-cmd --get-active-zones

In this example we update the 'drop' zone and the configuration is as follows:

./firewall-cmd --zone=drop --add-port=8089/tcp --permanent
./firewall-cmd --reload

Now, restart the Docker service by running:

./sudo systemctl restart docker

And verify that your remote Syslog Server is showing the Docker events.