Log Sink Properties
When you create or view details about a log sink on the , the Log Sink Properties appear. Information about the sink is organized across these tabs:
When you create or view details about a log sink on the
Layer7 API Gateway, the Log Sink Properties appear. Information about the sink is organized across these tabs:
- Basic Settings
- File Settings
- Syslog Settings
To access log sink properties:
- Run the Manage Log/Audit Sinks task.
- Select a log sink and then click [Properties]. You can also click [Create] to enter the properties for a new log sink. The Log Sink Properties appear.
- Configure each tab in the dialog as necessary.
- Click [OK] when done.
Configuring the [Base Settings] tab
Base Settings] tab defines properties common to both File and Syslog sinks. Complete this tab as follows:
If you are creating a new log sink, enter a name for the log sink here. If you are editing a log sink, the existing name is displayed here and cannot be changed.
The log sink name is restricted to ASCII letters and numbers, underscores, and hyphens. Non-English single byte and multi-byte characters are not supported.
Select this check box to enable the log sink. Clear this check box to disable the log sink.
Optionally enter or modify the description of the log sink.
Choose the type of log sink from the drop-down list:
Choose the severity threshold for information to be recorded by this sink. Only information at this level or higher is processed. Choose
Allto include events from every severity threshold.
To learn more about how the severity threshold in log sinks work, see "Understanding Logging Thresholds" in Gateway Logging Levels and Thresholds.
Configure the filters for the log sink to control which messages are sent to the sink. By combining several filters, you can indicate with precision which events are logged.
If an item in the filter list has been deleted or is inaccessible (that is, the user does not have permission to access the entity), "Not Found/Inaccessible" will be shown next to the entity name; for example:
Folder=Not Found/Inaccessible '-2:12345678'
where "-2" is an internal code for the entity type and "12345678" is an internal identifier for the entity.
Optionally choose a security zone. To remove this entity from a security zone (security role permitting), choose "No security zone".
For more information about security zones, see Understanding Security Zones.
This control is hidden if either: (a) no security zones have been defined, or (b) you do not have Read access to any security zone (regardless of whether you have Read access to entities inside the zones).
Configuring Log Sink Filters
You can configure the following filter types for a log sink:
Select the category(ies) of Gateway log information to be output by the log sink.
Create at least one Category filter for the log sink to work correctly.
Enter the IP address of the client to be output by the log sink.
Select one or more folders to be output by the log sink. All items within that folder (including any subfolders) are included in the related log sink. The effect is the same as if you had manually selected all the services and policies.
Any logging events that are not generated in relation to an item (service or policy) within the selected folder) are not included in the related log sink.
Selecting the root folder will include log events from all your services and policy fragments, including the contents of all subfolders. For more information, see Organize Services and Policies into Folders.
Select the policies to be output by the log sink.
Select the services to be output by the log sink. Only log messages that are associated with that service are included in the log sink.
Configuring the [File Settings] tab
The following configuration options are available for logs of type "File":
Maximum File Size
Enter the maximum size per log file, in KB. Once the maximum is reached, the system rotates to the next log file. The minimum file size is 1KB, while the maximum is 1GB (1048576KB). The default is 1024.
Log Files to Keep
Enter the number of log files to keep, from 1 to 100. The default is
(1) The combined maximum file for all logs is 5GB. (Maximum File Size x Log Files to Keep). (2) If you keep only one log file, it will be purged when its maximum size is reached.
Choose the format to write log messages:
Boot process complete.
Dec 5, 2007 3:49:27 PM 10 com.l7tech.server.BootProcess
INFO: Boot process complete.
Dec 5, 2007 3:49:27 PM 10 com.l7tech.server.BootProcess start
INFO: Boot process complete
Roll logs based on time period
Select this check box to roll the log files based on time interval. The file size settings are disabled when this is selected.
Clear this check box to roll the log files based on file size.
When rolling logs are based on time interval, choose the frequency from the drop-down list.
The date format for each type of rotation is as follows:
For example, a sink named "TEST" has a file named "TEST.2012-10-23.log" for a daily rotation.
Time-based rotation may create very large log files, especially if the sink is configured to log a large amount of information. It is best to keep the amount of data being logged to a minimum.
Configuring the [Syslog Settings] tab
The following configuration options are available for logs of type "Syslog":
Select the protocol to use: TCP (plain), UDP, or SSL. The default is TCP.
Define the hosts to receive the log file. You can enter multiple hosts to support Syslog failover. The Gateway uses an "ordered sticky with failover" strategy, beginning with the first host, then moving to subsequent hosts upon failure. If the Gateway is restarted, the first host on the list is used.
To reposition the host in the list, select it and then click either [
Move Up] or [
Enter the facility number to log as, from 0 to 23. The default is
1. For assistance on the facility number, contact your Syslog administrator.
Choose the format to write log messages:
Sep 14 10:44:05 localhost SSG: Authenticated on Internal Identity Provider
Sep 14 10:44:05 localhost SSG: User 'admin' logged in from IP '127.0.0.1'.
Sep 14 10:44:56 localhost SSG: INFO com.l7tech.server.admin.AdminSessionManager: Authenticated on Internal Identity Provider
Sep 14 10:44:56 localhost SSG: INFO com.l7tech.server.admin.AdminLoginImpl: User 'admin' logged in from IP '127.0.0.1'.
Sep 14 10:45:56 localhost SSG: [SyslogLogSink] INFO com.l7tech.server.admin.AdminSessionManager authenticate: Authenticated on Internal Identity Provider
Sep 14 10:45:56 localhost SSG: [SyslogLogSink] INFO com.l7tech.server.admin.AdminLoginImpl login: User 'admin' logged in from IP '127.0.0.1'.
Select this check box to include the Gateway hostname in the logged information. This setting is turned on by default, but you may need to clear the check box to avoid duplication with certain Syslog servers.
Select the character set to log in from the drop-down list: UTF-8, LATIN-1, ASCII. The default is UTF-8.
Select the time zone for logging. The default is to use the existing system settings.
This section is available only if the selected Protocol is "SSL".
Send a Test Message
Click this button to send a test message to the Syslog sink. Use this to verify the settings.