API Gateway: Some log entries are not being seen in Syslog server
search cancel

API Gateway: Some log entries are not being seen in Syslog server

book

Article ID: 198154

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

This article will discuss why some log entries are present in the API Gateway logs but not on a syslog server, and how to get it to work as expected. This article will assume that a syslog connection is already created. If a syslog connection hasn't yet been created, please review the documentation for doing so.

For example, the following log entry is present in the API Gateway, and needs to see it on the syslog server too but currently is not seen in the syslog server:

2020-06-16T19:32:00.052+0000 WARNING 1104 com.l7tech.server.policy.assertion.ServerHttpRoutingAssertion: 4042: Problem routing to http://localhost:8081/contest2. Error msg: Unable to obtain HTTP response from http://localhost:8081/contest2: Read timed out. Timed out at 30000ms

Environment

This article applies to all supported API Gateway versions with a Syslog server connection setup.

Cause

If the log entry is not seen in the syslog server, it's because there are filters getting in the way on the log sink properties.

Resolution

Remove or add any filters needed to allow the log entry to be present on the syslog server too. This includes the following areas for review:

  • Ensure that the Syslog Properties has the appropriate filters for the use-case - if there are too many or too few, this can impact what is seen by the syslog
  • Ensure that the appropriate Severity threshold is set for the use-case requirements
  • Ensure that Gateway Log category filter is enabled on the syslog configuration for log entries, depending on the use-case requirements
  • Ensure that Audits category filter is enabled on the syslog configuration for audit entries, depending on the use-case requirements
  • Ensure that the log.levels cluster-wide property (CWP) is set to define the package class on a log sink

If it is felt that the configuration is correct on the syslog setup but are still not seeing what is expected on the syslog server, then please open a support case with Broadcom Support and ensure to include the following details when doing so:

  1. Screenshots of each tab of the Syslog configuration that contains the connection to the backend syslog server
  2. Copy of the log entry seen which is intended to also be seen on the syslog server but only seen in the log files (the full log file too for context would be helpful)
  3. Screenshot or copy of the log.levels CWP if defined
Powered by Wolken Software