This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

APIGEE logging with ELK. Unable to send logs to ELK

Posted on 08-02-2021 05:50 AM
jyoti07
Bronze 2
Bronze 2
Reply posted on --/--/---- --:-- AM

 

I am trying to send logs from apigee private cloud to the ELK by using message logging policy.

 

<MessageLogging name="LogToSyslog">
  <Syslog>
    <Message>[3f509b58 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Weather request for WOEID {request.queryparam.w}.</Message>
    <Host>(https)elk endpoint</Host>
    <Port>port</Port>
    <Protocol>TCP</Protocol>
    <SSLInfo>
<Enabled>true</Enabled>
</SSLInfo>
  </Syslog>
</MessageLogging>

 

I have added TLS certificate from ELK side as well.

But Logs are not getting reflected to the ELK side.

What am I missing here while configuring logging??

What is the prerequisites to send logs to ELK????

0 5 190
0 Likes
5 REPLIES 5

Posted on --/--/---- --:-- AM
Denis_KALITVI
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

this is TCP logging, not http(s) API logging I think

0 Likes

Posted on --/--/---- --:-- AM
jyoti07
Bronze 2
Bronze 2
In response to Denis_KALITVI
Reply posted on --/--/---- --:-- AM

could you please elaborate 

0 Likes

Posted on --/--/---- --:-- AM
API-Evangelist
Silver 5
Silver 5
Reply posted on --/--/---- --:-- AM

What error you are facing?

If you are setting up Message logging over TCP did you provide proper host,protocol,port information?

https://docs.apigee.com/api-platform/reference/policies/message-logging-policy#syslog-over-tlsssl

Few checks

1. firewall from MP servers to the ELK - Source MP, Destination- ELK, port ELK Port using a simple telnet <<ELK host>> <<ELK port>>

2. While running some traffic simple tcpdump on MP to make sure the packets are sent out to ELK

 

If you intent to use logging over https you may want to use ServiceCallout policy providing the authentication,url and the actual logging payload.

https://docs.apigee.com/api-platform/reference/policies/service-callout-policy#google-geocoding-defi...

 

 

Posted on --/--/---- --:-- AM
jyoti07
Bronze 2
Bronze 2
In response to API-Evangelist
Reply posted on --/--/---- --:-- AM

Thanks for your response.

I tried given suggestion. But still no luck in this issue.

0 Likes

Posted on --/--/---- --:-- AM
Denis_KALITVI
Silver 2
Silver 2
Reply posted on --/--/---- --:-- AM

again, this is huge difference between TCP and HTTP(S) protocols, which are working on different OSI levels. logging policy (I think) that you see is using TCP "push" for the logger listener. you cannot write https://{host}, you need to give host: yourlogging.com, port, and on the other side catch it (UDP\TCP). while you are writing https://xyz.xxz - probably won't work. 

 

0 Likes
Top Solution Authors
View all