Objective
This article describes how to enable syslog over TCP in ADC.
Background
Syslog is a standard protocol for logging information. It separates the system that generates log information from the system that stores it. Syslog is widely used in network deployments today: it allows network administrators to consolidate logging information and derive insights from the collected data. Syslog can be used to log different types of events.
Syslog was originally designed to work over UDP, because it sends a large volume of information to other nodes within the same network, where packet loss is minimal. Over the years, syslog implementations over UDP have worked well, and ADC has supported syslog over UDP since the inception of the product line.
Syslog over TCP is not as common in enterprises but is quite common among telco operators. For law enforcement and tracking of user activities, telcos are required to transmit syslog data from appliances such as CGNAT over TCP so that data transfer is guaranteed: if there are network issues of any kind, TCP takes care of retransmissions, and if delivery fails, the failure is notified.
Use case
- A network administrator wants to log a significant number of events to a syslog server.
- XYX Telecom, an internet service provider, wants to transmit and store a significant amount of information on syslog servers because of logging regulations imposed by the government.
When significant events are logged, the syslog messages need to be transported over a reliable channel so that they are stored safely on a server. Syslog messages are usually transported to the server over UDP, which is not reliable. A reliable transport protocol such as TCP is therefore needed to transfer the messages to the syslog server.
Instructions
Configure syslog over TCP using configuration utility
To configure syslog over TCP using the configuration utility, follow these steps.
Step 1: Navigate to Configuration tab > System > Auditing > Syslog > Servers tab.
Step 2: Enter the syslog action name under Name, and set Transport type to “TCP” to enable syslog transport over TCP.
Note: To avoid overlapping or conflicting times during time changes, configure GMT under the time zone option. GMT is absolute and never skips or reverses an hour.
Configure syslog over TCP using command prompt
To configure syslog over TCP using the command prompt, use the following CLI command.
add syslogaction <name> <serverIP> -loglevel <level>
-acl ( ENABLED | DISABLED )
-appflowExport ( ENABLED | DISABLED )
-dateFormat <dateFormat>
-logFacility <logFacility>
-lsn ( ENABLED | DISABLED )
-maxLogDataSizeToHold <positive_integer>
-serverPort <port>
-tcp ( NONE | ALL )
-tcpProfileName <string>
-timeZone ( GMT_TIME | LOCAL_TIME )
-transport ( TCP | UDP )
-userDefinedAuditlog ( YES | NO )
> add syslogaction TCPDEMO <syslog serverIP> -loglevel DEBUG -transport TCP -serverPort 514
By enabling syslog over TCP, network administrators and telco service providers can ensure reliable transport of log messages to the syslog server.
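On the collector side, TCP delivers a byte stream rather than one message per datagram as UDP does, so the syslog server has to recover message boundaries itself. The following is an added example, not Citrix code: the page does not state which framing the ADC uses, so it handles both framings described in RFC 6587 (octet counting and LF-terminated); the class, function and sample messages are hypothetical.

```python
import re

_COUNT = re.compile(rb"([1-9]\d{0,5}) ")   # RFC 6587 octet-counting prefix: MSG-LEN SP

class SyslogTcpDeframer:
    """Recover whole syslog messages from a TCP byte stream.
    Assumption: sender framing is unknown, so both RFC 6587 framings are accepted."""
    def __init__(self, max_len=8192):
        self.buf, self.max_len = b"", max_len   # max_len bounds memory per connection

    def feed(self, data):
        """Append bytes from one recv() call; return the messages completed by it."""
        self.buf += data
        out = []
        while True:
            self.buf = self.buf.lstrip(b"\r\n")      # tolerate blank lines between frames
            if not self.buf:
                break
            if self.buf[:1] == b"<":                 # LF-terminated frame, starts at <PRI>
                end = self.buf.find(b"\n")
                if end < 0:
                    if len(self.buf) > self.max_len:
                        raise ValueError("unterminated frame exceeds max_len")
                    break                            # rest of the line is still in flight
                out.append(self.buf[:end].rstrip(b"\r"))
                self.buf = self.buf[end + 1:]
                continue
            m = _COUNT.match(self.buf)
            if m is None:
                if self.buf.isdigit() and len(self.buf) <= 6:
                    break                            # length prefix split across segments
                raise ValueError("stream does not start with a syslog frame")
            n, start = int(m.group(1)), m.end()
            if n > self.max_len:
                raise ValueError("declared frame length exceeds max_len")
            if len(self.buf) < start + n:
                break                                # message body still in flight
            out.append(self.buf[start:start + n])
            self.buf = self.buf[start + n:]
        return out

def deframe_in_chunks(stream, size):   # feed size-byte pieces, as TCP segmentation might
    d, msgs = SyslogTcpDeframer(), []
    for i in range(0, len(stream), size):
        msgs += d.feed(stream[i:i + size])
    return msgs

# Constructed sample messages (not captured from an ADC).
MSGS = [b"<134>Jan  1 00:00:00 adc-demo TCPDEMO: constructed event one",
        b"<131>Jan  1 00:00:01 adc-demo TCPDEMO: constructed event two"]
LF_STREAM = b"".join(m + b"\n" for m in MSGS)
OC_STREAM = b"".join(b"%d %s" % (len(m), m) for m in MSGS)
```

Feeding either sample stream through `deframe_in_chunks` at any chunk size returns the same two messages, which is the property a TCP syslog receiver needs regardless of how the network segments the data.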
Additional Resources
- Product Documentation - SYSLOG Over TCP