Symantec IGA

Hi Team,
Based on documentation, there is rsyslog function to forward log to Splunk.

Q. Can we forward Identity Portal/Manager wildfly logs to Splunk ?

Q. Can we forward the above logs without using Central Log module ?

regards,
William

For monitoring or log analysis purposes, you can forward the central log to a remote Syslog server by Modify the following Syslog configuration file: /etc/rsyslog.d/rsyslog-custom.conf

Enable a forwarding rule. Examples: Forwarding to a remote syslog server using UDP: *.* @<Remote_Syslog_IP_Address>:514 Forwarding to a remote syslog server using TCP: *.* @@<ip_address.of.remote.syslog>:514

After the central log is forwarded to a remote Syslog server, you can use applications such as Splunk to monitor and analyze the log.

https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/monitoring-virtual-appliance#MonitoringVirtualAppliance-MonitoringwithLogForwarding

• http://www.rsyslog.com/receiving-messages-from-a-remote-system/
  
• http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.
------------------------------

Original Message:
Sent: 09-11-2019 06:38 AM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Team,
Based on documentation, there is rsyslog function to forward log to Splunk.

Q. Can we forward Identity Portal/Manager wildfly logs to Splunk ?

Q. Can we forward the above logs without using Central Log module ?

regards,
William

Hi Scott, i already read the rsyslog information from Docops.
The documentation did not mentioned what kind of log file is been forward to remote Syslog server.
Where to configure what kind of log file will be forward to remote Syslog server ?

regards,
William
Original Message:
Sent: 09-11-2019 10:59 AM
From: SCOTT Owens
Subject: Identity Suite - rsyslog

For monitoring or log analysis purposes, you can forward the central log to a remote Syslog server by Modify the following Syslog configuration file: /etc/rsyslog.d/rsyslog-custom.conf

Enable a forwarding rule. Examples: Forwarding to a remote syslog server using UDP: *.* @<Remote_Syslog_IP_Address>:514 Forwarding to a remote syslog server using TCP: *.* @@<ip_address.of.remote.syslog>:514

After the central log is forwarded to a remote Syslog server, you can use applications such as Splunk to monitor and analyze the log.

https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/monitoring-virtual-appliance#MonitoringVirtualAppliance-MonitoringwithLogForwarding

• http://www.rsyslog.com/receiving-messages-from-a-remote-system/
  
• http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.

Original Message:
Sent: 09-11-2019 06:38 AM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Team,
Based on documentation, there is rsyslog function to forward log to Splunk.

Q. Can we forward Identity Portal/Manager wildfly logs to Splunk ?

Q. Can we forward the above logs without using Central Log module ?

regards,
William

The central log service merges all application logs to a single log file: /opt/CA/VirtualAppliance/centralLogs/vapp_central.log

Once the central log is forwarded to a remote Syslog server, you can use applications such as splunk to monitor and analyze the log.

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.
------------------------------

Original Message:
Sent: 09-11-2019 09:41 PM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Scott, i already read the rsyslog information from Docops.
The documentation did not mentioned what kind of log file is been forward to remote Syslog server.
Where to configure what kind of log file will be forward to remote Syslog server ?

regards,
William
Original Message:
Sent: 09-11-2019 10:59 AM
From: SCOTT Owens
Subject: Identity Suite - rsyslog

For monitoring or log analysis purposes, you can forward the central log to a remote Syslog server by Modify the following Syslog configuration file: /etc/rsyslog.d/rsyslog-custom.conf

Enable a forwarding rule. Examples: Forwarding to a remote syslog server using UDP: *.* @<Remote_Syslog_IP_Address>:514 Forwarding to a remote syslog server using TCP: *.* @@<ip_address.of.remote.syslog>:514

After the central log is forwarded to a remote Syslog server, you can use applications such as Splunk to monitor and analyze the log.

https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/monitoring-virtual-appliance#MonitoringVirtualAppliance-MonitoringwithLogForwarding

• http://www.rsyslog.com/receiving-messages-from-a-remote-system/
  
• http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.

Original Message:
Sent: 09-11-2019 06:38 AM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Team,
Based on documentation, there is rsyslog function to forward log to Splunk.

Q. Can we forward Identity Portal/Manager wildfly logs to Splunk ?

Q. Can we forward the above logs without using Central Log module ?

regards,
William

Hi Scott,

Do we need to deploy the Central Log Service for the rsyslog to work?
Original Message:
Sent: 09-13-2019 08:22 AM
From: SCOTT Owens
Subject: Identity Suite - rsyslog

The central log service merges all application logs to a single log file: /opt/CA/VirtualAppliance/centralLogs/vapp_central.log

Once the central log is forwarded to a remote Syslog server, you can use applications such as splunk to monitor and analyze the log.

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.

Original Message:
Sent: 09-11-2019 09:41 PM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Scott, i already read the rsyslog information from Docops.
The documentation did not mentioned what kind of log file is been forward to remote Syslog server.
Where to configure what kind of log file will be forward to remote Syslog server ?

regards,
William
Original Message:
Sent: 09-11-2019 10:59 AM
From: SCOTT Owens
Subject: Identity Suite - rsyslog

For monitoring or log analysis purposes, you can forward the central log to a remote Syslog server by Modify the following Syslog configuration file: /etc/rsyslog.d/rsyslog-custom.conf

Enable a forwarding rule. Examples: Forwarding to a remote syslog server using UDP: *.* @<Remote_Syslog_IP_Address>:514 Forwarding to a remote syslog server using TCP: *.* @@<ip_address.of.remote.syslog>:514

After the central log is forwarded to a remote Syslog server, you can use applications such as Splunk to monitor and analyze the log.

https://docops.ca.com/ca-identity-suite/14-2/en/virtual-appliance/monitoring-virtual-appliance#MonitoringVirtualAppliance-MonitoringwithLogForwarding

• http://www.rsyslog.com/receiving-messages-from-a-remote-system/
  
• http://www.rsyslog.com/sending-messages-to-a-remote-syslog-server/

------------------------------
Best regards,

Scott Owens
Sr Support Engineer
Enterprise Software Division
Broadcom Inc.

Original Message:
Sent: 09-11-2019 06:38 AM
From: William Cheang
Subject: Identity Suite - rsyslog

Hi Team,
Based on documentation, there is rsyslog function to forward log to Splunk.

Q. Can we forward Identity Portal/Manager wildfly logs to Splunk ?

Q. Can we forward the above logs without using Central Log module ?

regards,
William