KB Article #71783

SERVER LOGS: Redirecting SecureTransport logs to a SysLog server


This article provides information how to sent the log records generated by SecureTransport to a Syslog server.

Only log messages which appear in the Server Log page in the Admin UI can be sent to the Syslog server. Records from the File Tracking page (i.e. the transfer records) can not be sent to Syslog.


This article assumes that you have the Syslog server up and running.

What is needed from the Syslog server

The following properties of the Syslog server need to be known before configuring ST:

The host where the Syslog runs. It is a common practice to install/run the Syslog on the same server as SecureTransport, but this is not a requirement.

The default port on which the Syslog server listens is 514. This is the port that ST will send the logs to.

The Syslog server can have several facilities defined, one of which will be used to accept the records from ST. This facility's name should be known before configuring ST.

This article assumes that the Facility name is "USER" and the Syslog server runs on the same server as ST, i.e. the Host is

Additional information

Only Java based daemons in ST can be sent to a Syslog server directly.

Each service (daemon) has its own LOG4J file, located in $FILEDRIVEHOME/conf, which controls the logging for that service.

The appender in a LOG4J file is the place where the repository for the log records is defined. The repository can be the database (default), flat file, Syslog server or a combination of them.

The logger in a LOG4J file is defining which Java class' log output will be logged, and by which appender, and by extension - in which log repository . You can have multiple loggers for one class, each one sending the records to a different appender.

Which LOG4J file controls which service?

The following table shows which LOG4J file corresponds to which ST service

File Service
tm-log4j.xmlTransaction Manager (TM) service
admin-log4j.xmlADMIN service
as2d-log4j.xmlAS2 service
sshd-log4j.xmlSSH service
httpd-log4j.xmlHTTP service
ftpd-log4j.xmlFTP service
pesitd-log4j.xmlPESIT service

Configuring ST for Syslog

To configure ST to send the records to the Syslog server, follow the steps below.

1. Add the below appender to the "Appenders" area of the respective LOG4J file:

<appender name="SysLog" class="org.apache.log4j.net.SyslogAppender">
    <param name="SyslogHost" value="" />
    <param name="Facility" value="USER" />
    <param name="FacilityPrinting" value="true" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%-5p %c{2} [%t,%M:%L] %m%n" />

2. For each of the existing loggers, which send the records to the "ServerLog" appender, add the following line:

<appender-ref ref="SysLog" />

below the "ServerLog" line inside the logger block. For example, the default logger

<logger name="com.tumbleweed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />

should become

<logger name="com.tumbleweed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />
    <appender-ref ref="SysLog" />

3. Restart the respective ST service