This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

MessageLoggingPolicy integration with Logstash

Posted on 03-06-2015 02:02 AM
dveerendra004
New Member
Reply posted on --/--/---- --:-- AM

When using a MessageLogging policy to send in syslog messages to logstash, the message does not get logged at all.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageLogging  async="false" continueOnError="false" enabled="true" name="Message-Logging-1">
    <DisplayName>Message Logging</DisplayName>
    <Syslog>
        <Message>{system.time.year}-{system.time.month}-{system.time.day}:{system.time.hour}-{system.time.minute}-{system.time.second}.{system.time.millisecond} {apiproxy.name} {request.header.x-requestor-app} {request.header.x-realm} [{request.header.x-requestor-type}|{request.header.x-requestor}] </Message>
        <Host>logstash.xxxx.com</Host>
        <Port>5140</Port>
    </Syslog>
</MessageLogging>
0 3 523
Topic Labels
0 Likes
3 REPLIES 3

Posted on --/--/---- --:-- AM
cmbrown
Staff
Reply posted on --/--/---- --:-- AM

For MessageLogging policy you need to use UDP port 514. Also you may need a specific data element within your message itself based upon the 3rd parties "rules" for collection. You would need to look at logstash requirement. Let me know how you make out.

0 Likes

Posted on --/--/---- --:-- AM
Not applicable
Reply posted on --/--/---- --:-- AM

156-err.png

Looks like Protocol is not supported. But the documentation says the otherway.

0 Likes

Posted on --/--/---- --:-- AM
jonesfloyd
Staff
Reply posted on --/--/---- --:-- AM

Interesting. The Protocol element in Syslog was supposedly available as of cloud release 140723 and OPDK release 4.14.07.00. If you leave Protocol off, the default should be UDP.

I just tried deploying the following Message Logging policy to my environment (through the UI and importing as a proxy bundle), and I got no validation errors.

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageLogging  async="false" continueOnError="false" enabled="true" name="Message-Logging-1">
    <DisplayName>Message Logging 1</DisplayName>
  <Syslog>
    <Message>[3f509b58 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Weather request for WOEID {request.queryparam.w}.</Message>
    <Host>localhost</Host>
    <Port>514</Port>
    <Protocol>UDP</Protocol>
  </Syslog>
</MessageLogging>

Veerendra, have you tried it with port 514? (You can just leave the protocol element off for a UDP default.)

0 Likes