MessageLogging Policy integration with 3rd party cloud vendors

When using a MessageLogging policy to send in syslog messages to 3rd party vendors, the message does not get logged at all.

Example policy (using papertrailapp.com):

<MessageLogging  async="false" continueOnError="false" enabled="true" name="Message-Logging-1">     
    <DisplayName>Message Logging 1</DisplayName>
    <Syslog>
        <Message>{client.ip}|hello world</Message>
        <Host>logs2.papertrailapp.com</Host>
        <Port>XXXX</Port> 
        <Protocol>UDP</Protocol>  
    </Syslog>
</MessageLogging>
Solved Solved
1 3 1,058
1 ACCEPTED SOLUTION

Answering my own question to document my findings.

Apigee enforces that only port 514 is allowed when using UDP.

For papertrail, the options are:

- use TCP on their custom port number

- use UDP, but then papertrail requires that the source IPs are configured in their system to allow connections to UDP port 514 - under 'Add System', select, alternatives and then "My syslogd only uses the default port" to add the MP's IP addresses to papertrail.

For loggly, it already uses the standard ports, but have other requirements on the message format:

<MessageLogging  async="false" continueOnError="false" enabled="true" name="Message-Logging-2">
    <DisplayName>Message Logging 2</DisplayName>
    <Syslog>
        <Message>[{logglytoken}@41058 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Hello World</Message>
        <Host>logs-01.loggly.com</Host>
        <Port>514</Port>
      <Protocol>UDP</Protocol>
    </Syslog>
</MessageLogging>

Note inside the message itself where it shows [token@41058... the format is key to have the messages displayed in loggly and the @41058 needs to be there as well - loggly doc on structured data: https://www.loggly.com/docs/automated-parsing/

View solution in original post

3 REPLIES 3

Answering my own question to document my findings.

Apigee enforces that only port 514 is allowed when using UDP.

For papertrail, the options are:

- use TCP on their custom port number

- use UDP, but then papertrail requires that the source IPs are configured in their system to allow connections to UDP port 514 - under 'Add System', select, alternatives and then "My syslogd only uses the default port" to add the MP's IP addresses to papertrail.

For loggly, it already uses the standard ports, but have other requirements on the message format:

<MessageLogging  async="false" continueOnError="false" enabled="true" name="Message-Logging-2">
    <DisplayName>Message Logging 2</DisplayName>
    <Syslog>
        <Message>[{logglytoken}@41058 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Hello World</Message>
        <Host>logs-01.loggly.com</Host>
        <Port>514</Port>
      <Protocol>UDP</Protocol>
    </Syslog>
</MessageLogging>

Note inside the message itself where it shows [token@41058... the format is key to have the messages displayed in loggly and the @41058 needs to be there as well - loggly doc on structured data: https://www.loggly.com/docs/automated-parsing/

Hi @Ricardo de Andrade, thanks for the answer. I've used the following snippet in my message logging policy.

<Message>[{mylogglytoken}@41058 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Hello World</Message>

But, the actual message logged in loggly is not able to parse the tag. It is considered as a part of the message itself. Eg:

<14>Fri Jul 10 20:56:06 UTC 2015Info: [{mylogglytoken}@41058 tag="{myorg}.test.dev"] Hello World

Any pointers on this?

@Cladius Fernando , Issue has been resolved in recent release, check article here.