How to Configure and Verify Log Forwarding on vApp
search cancel

How to Configure and Verify Log Forwarding on vApp

book

Article ID: 138132

calendar_today

Updated On:

Products

CA Identity Manager CA Identity Governance CA Identity Portal CA Identity Suite

Issue/Introduction

How to configure syslog/log forwarding on vApp?

Do I need to deploy Central Log service on vApp for log forwarding?

How to verify if log forwarding works?



Environment

Release : 14.2, 14.3, 14.4

Component : CA IDENTITY SUITE (VIRTUAL APPLIANCE)

Resolution

vApp comes with rsyslog, if you run the following command as 'config' user you will see the version of rsyslog


rsyslogd -version


config@hostname VAPP-14.3.0 (xx.xx.xx.xx):~ > rsyslogd -version

rsyslogd 5.8.10, compiled with:

        FEATURE_REGEXP:                         Yes

        FEATURE_LARGEFILE:                      No

        GSSAPI Kerberos 5 support:              Yes

        FEATURE_DEBUG (debug build, slow code): No

        32bit Atomic operations supported:      Yes

        64bit Atomic operations supported:      Yes

        Runtime Instrumentation (slow code):    No


To configure log forwarding, as 'config' user you can do the configuration in /etc/rsyslog.d/rsyslog-custom.conf file. The /etc/rsyslog.conf loads the contents of /etc/rsyslog.d/rsyslog-custom.conf. For example if I configure below line in /etc/rsyslog.d/rsyslog-custom.conf file


*.* @@10.10.10.10:514


vApp will forward all syslog data to 10.10.10.10 syslog server that listens on tcp/514.

Restart rsyslog after you save configuration in /etc/rsyslog.d/rsyslog-custom.conf


service rsyslog restart


Please refer to below documentation for more details


Monitoring with Log Forwarding (http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/identity-suite/14-3/virtual-appliance/monitoring-virtual-appliance.html#concept.dita_623d8fec621bc878635f3ca9102edc2337ff98c7_MonitoringwithLogForwarding)


You don't need to deploy Central Log service on vApp for log forwarding. However, without Central Log service Identity Manager, Identity Governance, Identity Portal, JCS services won't write logs to syslog, so you cannot forward these application logs. Once you have Central Log service these applications write logs to syslog and all application logs (from the entire cluster) will merge into single log file, i.e. /opt/CA/VirtualAppliance/centralLogs/vapp_central.log. You only need to deploy Central Log service on one vApp node to have this merged application log.


Central Log service will run rsyslog as syslog server that listens on udp/514.


So, ideally if you want to forward vApp log to an external monitoring system, you should configure Log Forwarding on the vApp node where you have Central Log service runs.


To test and verify the log forwarding you can stand a Linux box with rsyslog installed. On this Linux box you can configure rsyslog to be the syslog server that will receive forwarded log from vApp. For example, on this Linux box, modify /etc/rsyslog.conf by uncommenting the following 2 lines


$ModLoad imtcp

$InputTCPServerRun 514


And add the following 2 lines at the bottom


$template TmplAuth, "/var/log/%HOSTNAME%.log"

*.* ?TmplAuth


And then restart rsyslog.


On the vApp (preferably on the vApp where Central Log service is running), modify /etc/rsyslog.d/rsyslog-custom.conf adding the following line at the bottom


*.* @@10.10.10.10:514


10.10.10.10 is the IP address of the configured Linux syslog server above. Double '@' character is used to specified TCP connection.


And then I restarted rsyslog

   service rsyslog restart


On the Linux syslog server box you can verify that /var/log/<vApp node's hostname>.log will be generated and contains all the forwarded log.

Powered by Wolken Software