DataPower

 View Only
Expand all | Collapse all

Transactional logging, ResultsAction, syslog-tcp:///server:port, RFC5424

  • 1.  Transactional logging, ResultsAction, syslog-tcp:///server:port, RFC5424

    Posted Tue October 12, 2021 01:49 PM
    Hello Community,​

    we have to implement transactional logging from Multi-Protocol Gateway processing rule to a remote syslog sevrer using syslog-tcp protocol.

    Transactional data is XML, <AuditMessage>...more XML.. </AuditMessage>

    We did use ResultsAction, Destination ist set to syslog-tcp:///server:port

    We have to create syslog message format as described in https://datatracker.ietf.org/doc/html/rfc5424 ..

    The data, send to remote syslog sever is:     <AuditMessage>...more XML.. </AuditMessage>
    The syslog HEADER is:                                1851 <110>1 2021-09-21T16:00:00Z HOSTNAME,open,10688 1

    The remote syslog server requires the following:
    xxxxxxxxxxxxxxxxx schnipp xxxxxxxxxxxxxxxxxx

    1851 <110>1 2021-09-21T16:00:00Z HOSTNAME,open,10688 1 <AuditMessage>...more XML.. </AuditMessage>

    xxxxxxxxxxxxxxxxx schnapp xxxxxxxxxxxxxxxxxx

    So we have to implement transactional logging "xml over syslog-tcp".

    It seems, datapower does not care about creating the syslog HEADER as specified in RFC5424

    Is there anybody out there, who can report on how to realize it?

    Thanks to all, Eckehard



    ------------------------------
    Eckehard Schulze
    ------------------------------


  • 2.  RE: Transactional logging, ResultsAction, syslog-tcp:///server:port, RFC5424

    IBM Champion
    Posted Wed October 13, 2021 04:12 AM
    Hi Eckehard,

    sent one possible solution to IBM Support DataPower forum this morning. Hope it helps.

    ------------------------------
    Hermanni Pernaa
    ------------------------------