3.8.5. About a Management Interface Audit Logging Syslog Handler
A syslog handler specifies the parameters by which audit log entries are sent to a syslog server, specifically the syslog server's hostname and the port on which the syslog server is listening.
Sending audit logging to a syslog server provides more security options than logging to a local file or local syslog server. Multiple syslog handlers can be defined.
Syslog servers vary in their implementation, so not all settings are applicable to all syslog servers. Testing has been conducted using the rsyslog syslog implementation.
Table 3.8. Syslog Handler Attributes
Attribute | Description | Default Value |
---|---|---|
app-name | The application name to add to the syslog records as defined in section 6.2.5 of RFC-5424. If not specified, it will default to the name of the product. | undefined |
disabled-due-to-failure | Takes the value true if this handler was disabled due to logging failures. | false |
facility | The facility to use for syslog logging as defined in section 6.2.1 of RFC-5424, and section 4.1.1 of RFC-3164. | USER_LEVEL |
failure-count | The number of logging failures since the handler was initialized. | 0 (zero) |
formatter | The name of the formatter to use to format the log records. | null |
host | The hostname of the syslog server. | localhost |
max-failure-count | The maximum number of logging failures before disabling this handler. | 10 |
max-length | The maximum length of a log message (in bytes), including the header. If undefined, it will default to 1024 bytes if the syslog-format is RFC3164, or 2048 bytes if the syslog-format is RFC5424. | undefined |
port | The port on which the syslog server is listening. | 514 |
protocol | The protocol to use for the syslog handler. Must be one and only one of udp, tcp or tls. | null |
syslog-format | Syslog format: RFC-5424 or RFC-3164. | RFC5424 |
truncate | Whether or not a message, including the header, is to be truncated if the length in bytes is greater than the maximum length. If set to false, messages will be split and sent with the same header values. | false |
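
The following sketch is an added illustration, not the product's own code: it shows how max-length and truncate from Table 3.8 interact for an RFC 5424 record, and why truncate=true silently drops the tail of an audit entry while truncate=false preserves it across several messages. The function names, the INFO severity, the sample host and app names, and the choice to split only on UTF-8 character boundaries are assumptions of this example.

```python
FACILITY_USER_LEVEL = 1                                   # RFC 5424 section 6.2.1
SEVERITY_INFO = 6                                         # assumed severity for this sketch
DEFAULT_MAX_LENGTH = {"RFC3164": 1024, "RFC5424": 2048}   # defaults from Table 3.8


def rfc5424_header(app_name, hostname, timestamp, facility=FACILITY_USER_LEVEL):
    """Build '<PRI>1 TIMESTAMP HOSTNAME APP-NAME - - - ' (no PROCID, MSGID or SD)."""
    pri = facility * 8 + SEVERITY_INFO
    return f"<{pri}>1 {timestamp} {hostname} {app_name} - - - ".encode("utf-8")


def _cut(payload, start, room):
    """End index of the next chunk, moved back so no UTF-8 character is split."""
    end = min(start + room, len(payload))
    while end < len(payload) and (payload[end] & 0xC0) == 0x80:
        end -= 1
    return end


def frame(header, body, max_length=None, truncate=False, syslog_format="RFC5424"):
    """Return the messages sent for one audit record under max-length / truncate."""
    limit = DEFAULT_MAX_LENGTH[syslog_format] if max_length is None else max_length
    room = limit - len(header)            # max-length includes the header
    if room < 4:                          # 4 bytes = longest UTF-8 character
        raise ValueError("max-length leaves no room for the message body")
    payload = body.encode("utf-8")
    messages, start = [], 0
    while True:
        end = _cut(payload, start, room)
        messages.append(header + payload[start:end])   # same header on every part
        if truncate or end >= len(payload):
            return messages
        start = end


if __name__ == "__main__":
    # Constructed sample values, not output captured from a real server.
    hdr = rfc5424_header("demo-app", "host1.example", "2024-01-01T00:00:00Z")
    record = '{"type":"core","user":"$local","ops":"' + "x" * 120 + '"}'
    for name, flag in (("truncate=true", True), ("truncate=false", False)):
        out = frame(hdr, record, max_length=len(hdr) + 64, truncate=flag)
        print(name, [len(m) for m in out])
```

When sizing max-length for a real handler, compare the longest audit record you expect against the limit your syslog server accepts, since a truncated record can hide the operation details an investigator needs.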