Message Logging policy can be used to log custom messages including but not limited to keeping track of the flow variables. The logging can be enabled to a local file destination or a central syslog server based on the message logging type configured.
Configuration
The two supported types are Syslog and File Logging which have to be chosen for logging into syslog server and local file system respectively. Property descriptions of these policies are explained in the following sections.
SYSLOG policy type
Property | Description | Default Value |
---|---|---|
Host name | Specify hostname or IP address of the syslog server. | localhost |
Port | Specify the port on which the syslog server is configured to listen. | 514 |
Protocol | TCP is an acknowledgment-based protocol, chosen for important security logs where log loss can not be tolerated. UDP can be chosen if performance is preferred over reliability. | TCP |
Facility | Specify the type of program that is logging the message. Options: LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, and LOCAL7. | LOCAL0 |
Severity | Specify the severity of the event being logged. Options: EMERGENCY,ALERT,CRITICAL, ERROR, WARNING,NOTICE,INFORMATIONAL, and DEBUG. | EMERGENCY |
Message | Specify the message to be logged. Message templating is supported, thus, variables' names can be combined with text to build the message in order to track the required information. | NA |
Variable Reference Prefix | Specify the prefix used for combining a variable name with the message text. | % |
Variable Reference Suffix | Specify the suffix used for combining a variable name with the message text. | % |
FILE LOGGING policy type
Property | Description | Default Value |
---|---|---|
File name with location | Specify the path of the local file destination (including the file name) | NA |
Maximum file size | Specify the maximum possible size of the log file exceeding which triggers a rollover | 1 |
Maximum Backup index | Specify the maximum number of backup files required to be stored exceeding which deletes the oldest logs and renames other files accordingly. | 1 KB |
Severity | Specify the severity of the event being logged. Options: FATAL, ERROR, WARN, INFO, and DEBUG. | FATAL |
Message | Specify the message to be logged. Message templating is supported, thus, variables' names can be combined with text to build the message in order to track the required information. | NA |
Variable Reference Prefix | Specify the prefix used for combining a variable name with the message text. | % |
Variable Reference Suffix | Specify the suffix used for combining a variable name with the message text. | % |
Examples
SYSLOG policy type example
syslog service - the standardized system logging implemented in UNIX systems has been used for the below examples. The configuration properties set in /etc/rsyslog.conf file are:
Enabled UDP and TCP reception on the mentioned ports.
Set customized format for the log message.
Configured log file destination to log all incoming messages set to local1 facility and any serverity level.
Sample 1 - TCP Protocol
Set the following configuration values:
- Message Logging Policy Type: SYSLOG
- Port: 514.
- Protocol: TCP
- Facility: LOCAL1
Output
The TCP message logged in /root/Documents/local1syslog.log file:
Sample 2 - UDP Protocol
Set the following configuration values:
- Message Logging Policy Type: SYSLOG
- Port: 5514.
- Protocol: UDP
- Facility: LOCAL1
Output
The UDP message logged in /root/Documents/local1syslog.log file:
FILE LOGGING policy type example
Since backup index is set to 3 and maximum file size 20 KB, once SLA_logs.txt exceeds 20 KB, the old logs are rolled over to SLA_logs.txt.1, SLA_logs.txt.2, SLA_logs.txt.3 and after that older logs will be deleted and then rolled over.
Output
The message logged in /root/Documents/SLA_logs.txt file: