KB Article #71783

SERVER LOGS: Redirecting SecureTransport logs to a SysLog server

Problem

This article explains how to send the log records generated by SecureTransport to a Syslog server.


Only log messages which appear in the Server Log page in the Admin UI can be sent to the Syslog server. Records from the File Tracking page (i.e. the transfer records) cannot be sent to Syslog.


Resolution

This article assumes that you have the Syslog server up and running.


What is needed from the Syslog server

The following properties of the Syslog server need to be known before configuring ST:


Host
The host where the Syslog runs. It is a common practice to install/run the Syslog on the same server as SecureTransport, but this is not a requirement.


Port
The default port on which the Syslog server listens is 514. This is the port that ST will send the logs to.


Facility
The Syslog server can have several facilities defined, one of which will be used to accept the records from ST. This facility's name should be known before configuring ST.


This article assumes that the Facility name is "USER" and the Syslog server runs on the same server as ST, i.e. the Host is 127.0.0.1.


Additional information

Only the logs of Java-based daemons in ST can be sent to a Syslog server directly.


Each service (daemon) has its own LOG4J file, located in $FILEDRIVEHOME/conf, which controls the logging for that service.


The appender in a LOG4J file is the place where the repository for the log records is defined. The repository can be the database (default), flat file, Syslog server or a combination of them.


The logger in a LOG4J file defines which Java class's log output is logged and by which appender, and by extension in which log repository. You can have multiple loggers for one class, each one sending the records to a different appender.


Which LOG4J file controls which service?

The following table shows which LOG4J file corresponds to which ST service:


File                Service
tm-log4j.xml        Transaction Manager (TM) service
admin-log4j.xml     ADMIN service
as2d-log4j.xml      AS2 service
sshd-log4j.xml      SSH service
httpd-log4j.xml     HTTP service
ftpd-log4j.xml      FTP service
pesitd-log4j.xml    PESIT service


Configuring ST for Syslog

To configure ST to send the records to the Syslog server, follow the steps below.


1. Add the following appender to the "Appenders" area of the respective LOG4J file:


<!-- APPENDER TO LOG TO SYSLOG -->
<appender name="SysLog" class="org.apache.log4j.net.SyslogAppender">
    <param name="SyslogHost" value="127.0.0.1" />
    <param name="Facility" value="USER" />
    <param name="FacilityPrinting" value="true" />
    <layout class="org.apache.log4j.PatternLayout">
        <param name="ConversionPattern" value="%-5p %c{2} [%t,%M:%L] %m%n" />
    </layout>
</appender>


2. For each existing logger that sends records to the "ServerLog" appender, add the following line:


<appender-ref ref="SysLog" />


below the "ServerLog" line inside the logger block. For example, the default logger


<logger name="com.tumbleweed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />
</logger>


should become


<logger name="com.tumbleweed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />
    <appender-ref ref="SysLog" />
</logger>


3. Restart the respective ST service.
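

A read-only check for steps 1 and 2, useful before restarting a service to confirm that no logger writing to "ServerLog" was missed. This is an added example, not part of the original article or of SecureTransport; the function name audit_log4j and the logger com.example.constructed are hypothetical, and the sample XML is constructed.

```python
import xml.etree.ElementTree as ET

SYSLOG_CLASS = "org.apache.log4j.net.SyslogAppender"

# Constructed sample: the article's appender, its default logger after step 2,
# and a hypothetical second logger (com.example.constructed) that was missed.
SAMPLE = """
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
  <appender name="SysLog" class="org.apache.log4j.net.SyslogAppender">
    <param name="SyslogHost" value="127.0.0.1" />
    <param name="Facility" value="USER" />
  </appender>
  <logger name="com.tumbleweed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />
    <appender-ref ref="SysLog" />
  </logger>
  <logger name="com.example.constructed" additivity="false">
    <level value="info" />
    <appender-ref ref="ServerLog" />
  </logger>
</log4j:configuration>
"""

def audit_log4j(xml_text, source="ServerLog", target="SysLog"):
    """Return findings; an empty list means steps 1 and 2 are both in place."""
    root = ET.fromstring(xml_text.strip())
    findings = []
    # Step 1: the appender exists, has the Syslog class, and names host and facility.
    appender = next((a for a in root.iter("appender") if a.get("name") == target), None)
    if appender is None:
        findings.append(f"appender '{target}' is not defined")
    else:
        if appender.get("class") != SYSLOG_CLASS:
            findings.append(f"appender '{target}' has class {appender.get('class')}")
        params = {p.get("name"): p.get("value") for p in appender.findall("param")}
        for required in ("SyslogHost", "Facility"):
            if not params.get(required):
                findings.append(f"appender '{target}' has no {required} param")
    # Step 2: every logger that writes to ServerLog must also write to SysLog.
    for logger in root.iter("logger"):
        refs = {r.get("ref") for r in logger.findall("appender-ref")}
        if source in refs and target not in refs:
            findings.append(f"logger '{logger.get('name')}' logs to {source} but not {target}")
    return findings

if __name__ == "__main__":
    for finding in audit_log4j(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to audit_log4j, for example the text of tm-log4j.xml from $FILEDRIVEHOME/conf.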