Extending SYSLOG message/character limit for Sumo Logic Collector
search cancel

Extending SYSLOG message/character limit for Sumo Logic Collector

book

Article ID: 16355

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

How do you extend the SYSLOG message/character limit? 

Environment

API Gateway 9.x, 10.X

Cause

By default, SYSLOG is not configured to accept more than 2048 characters.  The Sumo Logic Collector, by default, supports UDP messages up to 2048 bytes. 

Resolution

Here are the two steps required to write more than 2048 characters to SYSLOG:

1. On the Gateway, add com.l7tech.server.log.syslog.maxLength system property into /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file with the desired length (max length is 65536)

Restart the gateway

2. On the SYSLOG Server request the respective SYSLOG Admin to add or adjust the below line into collector.properties config file and then restart the collector.

collector.syslog.udp.readBufferSize = 65535

Now writing more than 2048 characters into SYSLOG from API Gateway should work.  For the TCP Syslog the Collector supports single-line TCP messages up to 65,535 bytes by default.

For more information, please see the following documentation from Sumo Logic Collector:

https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Syslog-Source#Choosing_TCP_or_UDP

Powered by Wolken Software