Extending SYSLOG message/character limit for Sumo Logic Collector


Article ID: 16355


Products

STARTER PACK-7, CA Rapid App Security, CA API Gateway, CA API Developer Portal

Issue/Introduction

I seem to have rollover and messages being cut in my SYSLOG. How do I extend the SYSLOG message/character limit?

Environment

CA APIM Gateway 9.x running on any form factor

CA APIM Gateway 10.x running on any form factor (the resolution below is confirmed to solve the issue)

Cause

By default, SYSLOG is not configured to accept more than 2048 characters.  The Sumo Logic Collector by default supports UDP messages up to 2048 bytes. 

Resolution

Two changes are needed to write more than 2048 characters to SYSLOG:

1. On the Gateway, add the com.l7tech.server.log.syslog.maxLength system property to the /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties file with the desired length (the maximum length is 65536), then restart the Gateway.

2. On the SYSLOG server, ask the respective SYSLOG admin to add or adjust the line below in the collector.properties config file and then restart the collector.

collector.syslog.udp.readBufferSize = 65535

Writing more than 2048 characters into SYSLOG from the API Gateway should now work. For TCP Syslog, the Collector supports single-line TCP messages up to 65,535 bytes by default.

For more information, please see the following documentation from Sumo Logic Collector:

https://help.sumologic.com/03Send-Data/Sources/01Sources-for-Installed-Collectors/Syslog-Source#Choosing_TCP_or_UDP
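
The following added example (not from this article or from Sumo Logic) models why the UDP read buffer size cuts long messages: it sends one constructed 5000-byte syslog datagram over loopback and reads it with a 2048-byte and a 65535-byte buffer. The function names and the test message are assumptions made for illustration.

```python
import socket


def build_syslog_message(total_len: int) -> bytes:
    """Constructed RFC 3164-style test message padded to exactly total_len bytes."""
    header = b"<134>Jan  1 00:00:00 gateway-test audit: "  # PRI 134 = local0.info
    end_marker = b" END"  # lets the receiver tell whether the tail arrived
    padding = total_len - len(header) - len(end_marker)
    if padding < 0:
        raise ValueError("total_len too small for header and end marker")
    return header + b"A" * padding + end_marker


def receive_with_buffer(message: bytes, read_buffer_size: int) -> bytes:
    """Send one UDP datagram over loopback and read it with a fixed-size buffer.

    Models a receiver whose read buffer is read_buffer_size bytes. On Linux,
    the bytes of a datagram that do not fit in the buffer are silently dropped.
    """
    receiver = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        receiver.bind(("127.0.0.1", 0))  # ephemeral port, loopback only
        receiver.settimeout(2.0)
        sender.sendto(message, receiver.getsockname())
        data, _ = receiver.recvfrom(read_buffer_size)
        return data
    finally:
        sender.close()
        receiver.close()


def is_truncated(received: bytes) -> bool:
    """A message that lost its tail no longer ends with the end marker."""
    return not received.endswith(b" END")


if __name__ == "__main__":
    msg = build_syslog_message(5000)
    for size in (2048, 65535):
        got = receive_with_buffer(msg, size)
        print(f"read buffer {size}: received {len(got)} of {len(msg)} bytes, "
              f"truncated={is_truncated(got)}")
```

The same end-marker check can be applied to a real test event after both changes are in place: if the marker is missing at the destination, one of the two limits is still too small.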
