3.8.5. About a Management Interface Audit Logging Syslog Handler

A syslog handler specifies the parameters by which audit log entries are sent to a syslog server, specifically the syslog server's hostname and the port on which the syslog server is listening.
Sending audit logging to a syslog server provides more security options than logging to a local file or local syslog server. Multiple syslog handlers can be defined.
Syslog servers vary in their implementation, so not all settings are applicable to all syslog servers. Testing has been conducted using the rsyslog syslog implementation. The referenced RFCs are:
  • http://www.ietf.org/rfc/rfc3164.txt
  • http://www.ietf.org/rfc/rfc5424.txt
  • http://www.ietf.org/rfc/rfc6587.txt

Table 3.7. Syslog Handler Fields

| Field | Description | Read-only |
|---|---|---|
| formatter | The name of the formatter to use to format the log records. | False |
| failure-count | The number of logging failures since the handler was initialized. | True |
| max-failure-count | The maximum number of logging failures before disabling this handler. | False |
| disabled-due-to-failure | True if this handler was disabled due to logging failures. | True |
| syslog-format | Syslog format: RFC-5424 or RFC-3164. | False |
| max-length | The maximum length of a log message (in bytes), including the header. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424. | False |
| truncate | Whether a message, including the header, should be truncated if its length in bytes is greater than the maximum length. If set to false, messages will be split and sent with the same header values. | False |
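
The effect of max-length and truncate on a large audit record, modeled in Python as an added example (not the server's own code). The header, the sample record, the function names, and the UTF-8 boundary handling are assumptions made for illustration.

```python
import json

# Defaults from Table 3.7, in bytes, used when max-length is undefined.
DEFAULT_MAX_LENGTH = {"RFC3164": 1024, "RFC5424": 2048}

# Constructed sample data (not real audit output): an RFC 5424 style header
# and a JSON body large enough to exceed the default limit.
HEADER = "<110>1 2024-01-01T00:00:00Z host1 eap - - - "
BODY = json.dumps({"user": "constructed-user", "ops": [
    {"address": "/subsystem=example", "operation": "write-attribute"}] * 40})


def effective_max_length(syslog_format, max_length=None):
    """Return max-length, or the per-format default when it is undefined."""
    return DEFAULT_MAX_LENGTH[syslog_format] if max_length is None else max_length


def chunks(data, size):
    """Yield pieces of at most `size` bytes, never cutting a UTF-8 character."""
    pos = 0
    while pos < len(data):
        end = min(pos + size, len(data))
        # Assumption: back off while `end` lands on a continuation byte.
        while pos < end < len(data) and (data[end] & 0xC0) == 0x80:
            end -= 1
        if end == pos:
            raise ValueError("limit too small for one character")
        yield data[pos:end]
        pos = end


def frame(header, body, syslog_format="RFC5424", max_length=None, truncate=False):
    """Return the wire messages (bytes) this model emits for one log record."""
    head = header.encode("utf-8")
    room = effective_max_length(syslog_format, max_length) - len(head)
    if room <= 0:
        raise ValueError("max-length leaves no room after the header")
    parts = list(chunks(body.encode("utf-8"), room)) or [b""]
    if truncate:
        parts = parts[:1]              # bytes past the limit are dropped
    return [head + p for p in parts]   # split parts repeat the same header


def body_is_json(message, header=HEADER):
    """True if the message body alone parses as a complete JSON record."""
    try:
        json.loads(message[len(header.encode("utf-8")):])
        return True
    except ValueError:
        return False
```

With truncate enabled, the oversized record arrives as a single message whose body no longer parses; with it disabled, the collector must reassemble the fragments that share a header before parsing.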