Configure remote syslog agents
Use the logcfg entry to configure the remote syslog agent to send events to a remote syslog server for recording. For example:
[aznapi-configuration] logcfg = category:rsyslog,error_retry=timeout,log_id=id, path=name,flush_interval=number_seconds,max_event_len=length, rebind_retry=timeout,server=hostname,port=number, ssl_keyfile=key_file,ssl_label=label,ssl_stashfile=stash_file, queue_size=number,hi_water=number
The agent accepts requests to log an event remotely on a best effort basis only. If the remote syslog server is not available, the agent buffers events in a local cache file. When the server becomes available again, the agent sends the events to the server.
Caching does not occur if we configure the agent to use clear text communication with the syslog server. Clear text communication occurs over the User Datagram Protocol (UDP), which does not guarantee message delivery. In this configuration, the network layer does not notify the agent if the server does not receive the event. This means that events can be lost if the remote syslog server becomes unavailable. If we do not want to use clear text communication, we can configure SSL. For SSL communication, the agent uses the TLS Cipher Suite to encrypt the data.
- Parameters for remote syslog agents
We can define the following parameters for remote syslog agents:- Sending events to a remote syslog server
We can configure IBM Security Verify Access to send event records to a remote syslog server.
Parent topic: Defining logcfg entries