The CA API Portal EE 4.2.x runs on Docker, so its logging follows the Docker configuration.
By default, when using the CA API Portal EE 4.2.x OVA, the Docker service is configured to write its data into the OS journal log.
To configure the CA API Portal EE 4.2.x to write its Docker events to a remote Syslog Server such as Splunk, follow the example below:
Edit the /etc/docker/daemon.json file.
The default file when using the CA API Portal EE 4.2.x is as below:
Now update that file to direct the Docker events to your remote Syslog Server, for example:
Update your firewall rules to allow communication via the syslog port you configured:
- First, locate the zone your firewall is configured for:
In this example we update the 'drop' zone and the configuration is as follows:
sudo firewall-cmd --zone=drop --add-port=8089/tcp --permanent
Now, restart the Docker service by running:
sudo systemctl restart docker
And verify that your remote Syslog Server is showing the Docker events.
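One way to prepare the daemon.json change from the steps above so that a typo does not stop Docker from starting, as an added example (not CA's own tooling or the product's actual file): it parses the existing file, sets Docker's `log-driver` and `log-opts` `syslog-address` keys, and rejects address forms the syslog driver does not accept. The sample file content and the host `syslog.example.internal` are constructed placeholders; port 8089/tcp is the one from the firewall example.

```python
import json
from urllib.parse import urlsplit

# Address schemes accepted by Docker's syslog logging driver.
NETWORK_SCHEMES = {"tcp", "udp", "tcp+tls"}
SOCKET_SCHEMES = {"unix", "unixgram"}

# Constructed sample, NOT the appliance's real default daemon.json.
CONSTRUCTED_DEFAULT = '{"log-driver": "journald", "storage-driver": "overlay2"}'
# Placeholder host; 8089/tcp is the port opened in the firewall step.
EXAMPLE_ADDRESS = "tcp://syslog.example.internal:8089"


def check_syslog_address(address):
    """Return the address if its form is one the syslog driver accepts."""
    parts = urlsplit(address)
    if parts.scheme in NETWORK_SCHEMES:
        if not parts.hostname:
            raise ValueError(f"{address!r} has no host")
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    elif parts.scheme in SOCKET_SCHEMES:
        if not (parts.netloc or parts.path):
            raise ValueError(f"{address!r} has no socket path")
    else:
        raise ValueError(f"unsupported syslog-address scheme in {address!r}")
    return address


def add_syslog_logging(daemon_json_text, address):
    """Parse daemon.json text and return the config with syslog logging set."""
    config = json.loads(daemon_json_text or "{}")  # malformed JSON raises ValueError
    if not isinstance(config, dict):
        raise ValueError("daemon.json must hold a JSON object")
    # log-opts are driver-specific: keep them only if syslog was already the driver.
    old_opts = config.get("log-opts")
    keep = config.get("log-driver") == "syslog" and isinstance(old_opts, dict)
    opts = dict(old_opts) if keep else {}
    opts["syslog-address"] = check_syslog_address(address)
    config["log-driver"] = "syslog"
    config["log-opts"] = opts
    return config


if __name__ == "__main__":
    # Print the merged file; review it before replacing /etc/docker/daemon.json.
    print(json.dumps(add_syslog_logging(CONSTRUCTED_DEFAULT, EXAMPLE_ADDRESS), indent=2))
```

A `tcp://` address sends the events unencrypted, while `tcp+tls://` wraps the same stream in TLS. Docker applies a changed default log driver only to containers created after the daemon restart.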