This article describes how to enable syslog over TCP in ADC.
Syslog is the standard used for logging information. It separates the system that generates log information from the system that stores it. Syslog is widely used in network implementations today. It allows network administrators to consolidate logging information and derive insights from the collected data. Syslog can be used to log different types of events.
Syslog was originally designed to work over UDP, because it carries a large volume of information to other nodes within the same network, where packet loss is minimal. Over the years, Syslog implementations over UDP have worked well, and ADC has supported Syslog over UDP since the inception of the product line.
Syslog over TCP is not as common in enterprises but is quite common among telco operators. For law enforcement and for tracking user activities, telcos are required to transmit Syslog data from appliances such as CGNAT over TCP so that data transfer is guaranteed: if there are network issues of any kind, TCP takes care of retransmissions, and if delivery fails, the failure is notified.
When significant events are logged, the syslog messages need to be transported over a reliable channel so that they are stored safely on a server. Syslog messages are usually transported to the server over UDP, which is not reliable. This calls for a reliable transport protocol such as TCP to transfer the messages to the syslog server.
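The difference between the two transports described above, as an added example (not part of the original article and not vendor code): a sender writes one constructed syslog line to a local port with no collector, first over UDP and then over TCP, and finally to a live TCP collector. The message, the loopback address and all helper names are assumptions made for illustration.

```python
import socket
import threading

# Constructed sample message (RFC 3164 style); not captured from an ADC.
MSG = b"<134>Jan  1 00:00:00 adc-test example: constructed test event\n"
HOST = "127.0.0.1"

def unused_port():
    """Return a local port number that has no listener (illustrative helper)."""
    with socket.socket() as s:
        s.bind((HOST, 0))
        return s.getsockname()[1]

def send_udp(port):
    """UDP: sendto() returns normally even though nothing is listening."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.sendto(MSG, (HOST, port))
    return "sent, no delivery feedback"

def send_tcp(port):
    """TCP: an unreachable collector surfaces as an error the sender sees."""
    try:
        with socket.create_connection((HOST, port), timeout=2) as s:
            s.sendall(MSG)  # accepted by the connection, not proof of storage
        return "sent over established connection"
    except OSError as exc:
        return "failed: " + type(exc).__name__

def collect_one(server, out):
    """Accept one connection and read one newline-terminated message."""
    conn, _ = server.accept()
    with conn, conn.makefile("rb") as stream:
        out.append(stream.readline())

def demo():
    down = unused_port()  # no collector is listening on this port
    results = {"udp_down": send_udp(down), "tcp_down": send_tcp(down)}
    server, received = socket.create_server((HOST, 0)), []
    worker = threading.Thread(target=collect_one, args=(server, received), daemon=True)
    worker.start()
    results["tcp_up"] = send_tcp(server.getsockname()[1])
    worker.join(5)
    server.close()
    results["received"] = received[0] if received else None
    return results

if __name__ == "__main__":
    print(demo())
```

Only the TCP attempt reports the missing collector; the UDP send returns as if nothing were wrong.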
Step 1: Navigate to the Configuration tab > System > Auditing > Syslog > Servers tab.
Step 2: Enter the syslog action name under Name, and set Transport type to “TCP” to enable syslog transport over TCP.
Note: To avoid overlapping or conflicting times during time changes, configure GMT under the time zone option. GMT is absolute and never skips or reverses an hour.
Thus, by enabling syslog over TCP, network administrators and telco service providers can ensure reliable transport of log messages to the syslog server.