Subscribe

WFA syslog.conf facility configuration

Hi all,

 

Have configured WFA syslog with INFO level.

 

In syslog.conf, was able to see very detailed messaged comming in with a tail -f ( login, all the commands executed in a workflow, etc ) using *.info .

 

The * is the facility.

 

As we are not using rsyslog but the old syslog, does anyone know the facility WFA uses?

 

Thanks in advance.

Re: WFA syslog.conf facility configuration

Here in WFA we have tested with “Kiwi Syslog server”.

Re: WFA syslog.conf facility configuration

Hi Sharaf,

 

Was the kiwi syslog shared with other applications?

 

Looking for the facility as we don't have rsyslog, but the old syslog with fixed facilities.

 

Thanks in advance.

Re: WFA syslog.conf facility configuration

[ Edited ]

Hi

 

Kiwi Syslog was not shared with other applications.

 

Regards

Sharaf

Re: WFA syslog.conf facility configuration

I am starting to believe that this will work only with rsyslog for non-standalone syslogs.

 

Standalone syslog is not an option in production.

 

Thx!

Re: WFA syslog.conf facility configuration

Honestly, I'm still not able to understand your problem.

 

What exactly are you trying to achieve and what issues are you facing?

 

If you can elaborate, it will help me try to solve it.

 

sinhaa

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: WFA syslog.conf facility configuration

Hi Sinhaa,

 

I am trying to configure syslog.conf in a Linux server , which I have already configured in the WFA Administration->Syslog

 

The linux server has the syslogd and not the rsyslogd ( so we only have access to fixed syslog facilities )

 

The syslog.conf has a configuration that is similar to <FACILITY>.<SEVERITY>                                  /var/log/file_name.log

 

So if we configure for example *.info           /var/log/wfa.log we receive the syslogs from WFA

 

The problem is that a syslog server in production is usually shared with other applications and appliances.


So for example in a netapp filer, an authentication issue is configured as a LOCAL7 severity, then in syslog.conf, you configure local7.*     /var/log/netapp_authentication .

 

The facilities as you can see are used to separate application or appliances in the same syslog server.

 

That is why I was asking the FACILITY WFA uses so we could try <WFA_FACILITY>.INFO     /var/log/wfa.log

 

Thanks in advance!

 

Luciano.

 

 

Re: WFA syslog.conf facility configuration

Hi Luciano,

       I'll get back to you on this. Im not sure I have the right answers at the monent.

 

warm regards,

Abhishek Sinha

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

Re: WFA syslog.conf facility configuration

Thanks Sinha, will await for your response. Thanks in advance.