Hi:
Here is some documentation I provided another customer with respect to getting logs to Splunk. The main thing is understanding journalctl and how to manage logging with that tool; otherwise it is not much different than what we do on the gateway to forward logs to Splunk. Let us know if this works for you.
Thanks, Alex
The portal utilizes the journalctl utility that centralizes systemd logging in a binary database that is easily searchable with command line utilities. Output can be redirected to a readable log file easily for forwarding to Enterprise monitoring tools like Splunk. Here is one such example for integration with the Splunk forwarder.
/bin/bash -c '/usr/bin/journalctl --no-tail -f -o json > /var/splunk/journald'
There are several commands with journalctl that can filter these messages to a customer's requirements such as format, message level, time range, etc. Here are some references for journalctl usage:
Red Hat Journald Documentation
A few useful command examples are:
journalctl > /tmp/journalctl.output (this will dump all log data into a text file for viewing)
journalctl -f (this will follow or "tail" the output dynamically)
Caution should be taken to roll over these files and maintain disk space on the portal for whatever log file is generated for the monitoring tool of choice.
------------------------------
Solution Architect - Security & Integration
Broadcom Software Division,
Vancouver, B.C. Canada
------------------------------
Original Message:
Sent: Dec 19, 2022 03:06 PM
From: Pravin Yadav
Subject: CA API Developer Portal Splunk Integration
Hello All
How can we route CA API Developer Portal logs to Splunk in docker env? Currently we are using CA API Developer Portal 5.0.
Thanks
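For the rollover caution in the reply above, one way to cap the size of the export file, as an added example that is not part of the original post or the vendor's documentation. The function name `rotate_export` and its size and generation arguments are hypothetical, and it assumes the journalctl redirect appends with `>>` rather than `>`, so that truncating the file in place does not leave a sparse file at the writer's old offset.

```shell
#!/bin/sh
# Added example: size-capped copy-and-truncate rotation for a journald export
# file such as /var/splunk/journald (path taken from the post above).
# Assumption: the journalctl writer opened the file in append mode (">>").

# rotate_export FILE MAX_BYTES KEEP
#   FILE       export file the forwarder monitors
#   MAX_BYTES  rotate once the file is at least this large
#   KEEP       number of old generations (FILE.1 .. FILE.KEEP) to retain
# Returns 0 if a rotation happened, 1 if the file is missing or below the limit.
rotate_export() {
    file=$1
    max_bytes=$2
    keep=$3

    [ -f "$file" ] || return 1
    # Arithmetic expansion strips the padding some wc implementations emit.
    size=$(($(wc -c < "$file")))
    [ "$size" -ge "$max_bytes" ] || return 1

    # Drop the oldest generation so disk use stays bounded, then shift the rest.
    rm -f "$file.$keep"
    i=$((keep - 1))
    while [ "$i" -ge 1 ]; do
        if [ -f "$file.$i" ]; then
            mv "$file.$i" "$file.$((i + 1))"
        fi
        i=$((i - 1))
    done

    # Copy, then truncate in place: the long-running journalctl process keeps
    # its open file descriptor, so it does not need to be restarted.
    # Lines written between the cp and the truncate are lost from the export
    # file; they remain in the journal itself.
    cp -p "$file" "$file.1" && : > "$file"
}

# Example call from a scheduled job (size and count are example values):
#   rotate_export /var/splunk/journald 104857600 5
```

Run it from a scheduled job, and check that the forwarder's file monitor is not also picking up the numbered generations, or events will be indexed twice.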