CA API Portal EE 4.2.x logging to Syslog

Document ID : KB000103370
Last Modified Date : 27/06/2018
Introduction:
The CA API Portal EE 4.2.x is Docker-based, so its logging follows the Docker configuration.
By default, when using the CA API Portal EE 4.2.x OVA, the Docker service is configured to write its data into the OS journal log.
Instructions:
To configure the CA API Portal EE 4.2.x to write its Docker events to a remote Syslog Server such as Splunk, follow the example below:

Edit the /etc/docker/daemon.json file.

The default file when using the CA API Portal EE 4.2.x is as below:

[Figure: default /etc/docker/daemon.json file]

Now update that file to direct the Docker events to your remote Syslog Server, for example:

[Figure: /etc/docker/daemon.json configured to send to remote syslog server]

Update your firewall rules to allow communication via the syslog port you configured:

- First, identify the zone in which your firewall is active:

firewall-cmd --get-active-zones

In this example we update the 'drop' zone and the configuration is as follows:

firewall-cmd --zone=drop --add-port=8089/tcp --permanent
firewall-cmd --reload


Now, restart the Docker service by running:

sudo systemctl restart docker

And verify that your remote Syslog Server is showing the Docker events.
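
The daemon.json edit described above can be scripted so that unrelated keys survive and a malformed file never reaches the Docker daemon. This is an added example, not CA's own code: the function name `with_remote_syslog`, the sample file content and the address 192.0.2.10 are assumptions made for illustration, with port 8089/tcp taken from the firewall step.

```python
import json
from urllib.parse import urlsplit

# Address schemes accepted by Docker's syslog logging driver.
ALLOWED_SCHEMES = {"tcp", "udp", "tcp+tls", "unix", "unixgram"}


def with_remote_syslog(current_text, address, tag="{{.Name}}"):
    """Return daemon.json text with the default log driver set to syslog.

    current_text is the existing file content; keys that are not
    related to logging are preserved unchanged.
    """
    config = json.loads(current_text) if current_text.strip() else {}
    if not isinstance(config, dict):
        raise ValueError("daemon.json must contain a JSON object")

    parts = urlsplit(address)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"unsupported syslog scheme: {parts.scheme!r}")
    if parts.scheme in {"tcp", "udp", "tcp+tls"}:
        # parts.port itself raises ValueError for a non-numeric port.
        if not parts.hostname or parts.port is None:
            raise ValueError("network syslog address needs host and port")

    config["log-driver"] = "syslog"
    # Start from fresh log-opts: options left over from another driver
    # can be rejected by the syslog driver.
    config["log-opts"] = {"syslog-address": address, "tag": tag}
    return json.dumps(config, indent=2) + "\n"


if __name__ == "__main__":
    # Constructed sample, NOT the real default file shipped with the OVA.
    sample = '{"log-driver": "journald", "storage-driver": "overlay2"}'
    # 192.0.2.10 is a documentation address standing in for the syslog server.
    print(with_remote_syslog(sample, "tcp://192.0.2.10:8089"), end="")
```

Docker applies a changed default log driver only to containers created after the daemon restart, so existing containers must be recreated before their events appear on the remote server. A tcp:// address carries the events unencrypted; the syslog driver also accepts tcp+tls:// together with the syslog-tls-ca-cert option.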