Layer7 API Management

  • 1.  CA API Developer Portal Splunk Integration

    Posted Dec 19, 2022 08:56 PM
    Hello All

    How can we route CA API Developer Portal logs to Splunk in a Docker env? Currently we are using CA API Developer Portal 5.0.


    Thanks


  • 2.  RE: CA API Developer Portal Splunk Integration

    Broadcom Employee
    Posted Jan 18, 2023 03:32 PM

    Hi : 

    We don't have any documentation, specifically, for configuring the Portal to Splunk. We have a KB article that outlines steps on how to configure the Portal to write to a remote syslog. The steps should be still valid for Portal 5.X. 

    CA API Portal EE 4.2.x logging to Syslog

    With that being said, Splunk does not recommend being used as a syslog server.

    https://community.splunk.com/t5/Getting-Data-In/Splunk-as-a-syslog-server/td-p/30518
    Universal forwarder vs. Dedicated rsyslog /syslog-ng servers to forward syslog to splunk indexer 

    thanks




  • 3.  RE: CA API Developer Portal Splunk Integration

    Posted Mar 13, 2023 02:07 PM

    Thank you Gustavo Azolas 




  • 4.  RE: CA API Developer Portal Splunk Integration

    Broadcom Employee
    Posted Jan 19, 2023 12:50 AM
    Hi: 

    Here is some documentation I provided another customer with respect to getting logs to Splunk. The main thing is understanding journalctl and how to manage logging with that tool; otherwise it is not much different than what we do on the gateway to forward logs to Splunk. Let us know if this works for you.

    Thanks, Alex 

    The portal utilizes the journalctl utility that centralizes systemd logging in a binary database that is easily searchable with command line utilities.  Output can be redirected to a readable log file easily for forwarding to Enterprise monitoring tools like Splunk.  Here is one such example for integration with the Splunk forwarder. 

    /bin/bash -c '/usr/bin/journalctl --no-tail -f -o json > /var/splunk/journald'

    There are several commands with journalctl that can filter these messages to a customer's requirements such as format, message level, time range, etc.   Here are some references for journalctl usage:

    Red Hat Journald Documentation

    A few useful command examples are:

    journalctl  >  /tmp/journalctl.output      (this will dump all log data into a text file for viewing)

    journalctl -f                                                 (this will follow or "tail" the output dynamically)

    Caution should be taken to roll over these files and maintain disk space on the portal for whatever log file is generated for the monitoring tool of choice.



    ------------------------------
    Solution Architect - Security & Integration
    Broadcom Software Division,
    Vancouver, B.C. Canada
    ------------------------------
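
The rollover caution in the last reply, sketched as an added example (not part of the thread and not Broadcom's own tooling): a size-based copy-and-truncate rotation for the file that `journalctl -f` keeps open. The function names, the size threshold and the number of retained copies are assumptions; the path and journalctl options come from the post.

```shell
#!/bin/sh
# Added example. Hypothetical helpers; only /var/splunk/journald and the
# journalctl options are taken from the thread.

# Start the writer in append mode (>>). With ">" the descriptor keeps its old
# offset after truncation, so the next write lands far into the file and the
# rotated-out space comes back as a sparse run of leading NUL bytes.
start_writer() {
    /usr/bin/journalctl --no-tail -f -o json >> "$1" &
}

# rotate_copytruncate FILE MAX_BYTES KEEP
# Returns 0 when a rotation happened, 1 when FILE is missing or below MAX_BYTES.
rotate_copytruncate() {
    rc_file=$1
    rc_max=$2
    rc_keep=$3
    [ -f "$rc_file" ] || return 1
    rc_size=$(($(wc -c < "$rc_file")))
    [ "$rc_size" -ge "$rc_max" ] || return 1

    # Shift older copies up by one (FILE.1 -> FILE.2, ...); the copy in the
    # KEEP-th slot is overwritten, which bounds total disk use.
    rc_i=$rc_keep
    while [ "$rc_i" -gt 1 ]; do
        rc_prev=$((rc_i - 1))
        if [ -f "$rc_file.$rc_prev" ]; then
            mv -f "$rc_file.$rc_prev" "$rc_file.$rc_i"
        fi
        rc_i=$rc_prev
    done

    # Copy, then truncate in place. Renaming instead would leave journalctl
    # writing to the renamed file through its still-open descriptor.
    # Lines written between the cp and the truncate are lost; that window is
    # the price of not restarting the writer.
    cp -p "$rc_file" "$rc_file.1" && : > "$rc_file"
}

# Typical use from cron (values are assumptions):
#   rotate_copytruncate /var/splunk/journald 52428800 3
```

The forwarder's file monitor should watch only the live file, not the numbered copies, or rotated events are indexed twice.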