Troubleshooting Syslog Connectivity: How to Manually Generate Test Messages in Linux

Article ID: 251527

Updated On:

Products

CA Identity Suite

Issue/Introduction

When configuring log forwarding (such as on a vApp environment), logs may fail to appear on the destination syslog server even after following standard setup procedures. To determine if the issue lies with the source machine, the network, or the target server, you can manually generate native syslog messages to test connectivity.

Environment

  • Operating System: CentOS, RHEL, or most standard Linux distributions.
  • Product Context: CA Identity Suite vApp or Log Decoders.

Resolution

Follow these steps to manually send a test message from your Linux terminal to a remote syslog server.

  1. Access the Source Machine: Log in to the Linux server that should be sending the logs.

  2. Send a UDP Test Message (Port 514): Run the following command, replacing <target_ip> with your syslog server's IP address:

    echo "<14>Test UDP syslog message" >> /dev/udp/<target_ip>/514

  3. Send a TCP Test Message (Port 514): Run the following command:

    echo "<14>Test TCP syslog message" >> /dev/tcp/<target_ip>/514

  4. Verify on Target Server: Log in to the destination syslog server and check the logs (e.g., /var/log/messages or your SIEM dashboard) to confirm receipt of the test message strings ("Test UDP syslog message" and "Test TCP syslog message").

Additional Information

  • The Keyword Requirement: You must include a "keyword" or priority marker (like <14>) at the start of the string. Without this, some Log Decoders will record the event as "Unidentified content" in /var/log/messages rather than processing it correctly.
  • Priority Markers: The <14> prefix represents a specific facility and level. You can experiment with different numerical values if your environment requires specific filtering.
  • Related Documentation: If connectivity is verified but logs still do not flow, refer to .
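
The UDP and TCP tests from steps 2 and 3, combined with the priority marker described under Priority Markers, as reusable shell functions. This is an added example, not part of the original article; the function names and the address 192.0.2.10 are assumptions for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article). Names are illustrative.
# PRI = facility * 8 + severity, so user(1) * 8 + info(6) = 14.

# syslog_pri FACILITY SEVERITY -> prints the numeric PRI value
syslog_pri() {
    local fac sev
    case "$1" in
        kern) fac=0 ;; user) fac=1 ;; mail) fac=2 ;; daemon) fac=3 ;;
        auth) fac=4 ;; syslog) fac=5 ;;
        local[0-7]) fac=$(( 16 + ${1#local} )) ;;
        *) echo "unknown facility: $1" >&2; return 1 ;;
    esac
    case "$2" in
        emerg) sev=0 ;; alert) sev=1 ;; crit) sev=2 ;; err) sev=3 ;;
        warning) sev=4 ;; notice) sev=5 ;; info) sev=6 ;; debug) sev=7 ;;
        *) echo "unknown severity: $2" >&2; return 1 ;;
    esac
    echo $(( fac * 8 + sev ))
}

# syslog_line FACILITY SEVERITY TEXT -> prints "<PRI>TEXT"
syslog_line() {
    local pri
    pri=$(syslog_pri "$1" "$2") || return 1
    printf '<%s>%s\n' "$pri" "$3"
}

# send_test PROTO HOST PORT FACILITY SEVERITY TEXT   (PROTO: udp or tcp)
send_test() {
    local line
    case "$1" in
        udp|tcp) ;;
        *) echo "proto must be udp or tcp" >&2; return 2 ;;
    esac
    line=$(syslog_line "$4" "$5" "$6") || return 2
    # /dev/udp and /dev/tcp are bash redirection features, so call bash
    # explicitly; timeout bounds a TCP connect to a filtered port.
    timeout 5 bash -c 'printf "%s\n" "$1" > "/dev/$2/$3/$4"' \
        _ "$line" "$1" "$2" "$3"
}

# Usage (192.0.2.10 is a documentation placeholder address):
#   send_test udp 192.0.2.10 514 user info "Test UDP syslog message"
#   send_test tcp 192.0.2.10 514 local0 notice "Test TCP syslog message"
```

A zero exit for udp only shows the datagram was handed to the network, so the check on the target server is still needed. A non-zero exit for tcp (124 when the timeout fires) points at the network path or the listener rather than the message format.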