Define general syslog settings

You can adjust general log forwarding settings by editing the LogServerConfiguration.txt. Adjusting these settings is optional.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Stop the Log Server:
    • If you run the Log Server as a service in Windows, you can stop it in the Windows Control Panel’s Services list.
    • In Linux, run the script <installation directory>/bin/sgStopLogSrv.sh.
  2. Create a text file on the Log Server that lists the fields to forward in the correct order.
    See Knowledge Base article 10010 for more information.
    Tip: The <installation directory>/data/fields/syslog_templates/ directory contains example configuration files.
  3. Change the parameters in LogServerConfiguration.txt.

    The file is located in <installation directory>/data/.

    Table 1. Log Server configuration
    Parameter Value Description
    SYSLOG_CONF_FILE <File name> Path to the file you created in Step 2, which defines the fields that are forwarded and their order.
    SYSLOG_MESSAGE_PRIORITY 0–191 a

    The priority of the syslog message is included at the beginning of each UDP packet (the default is 6).

    a) As defined in RFC 3164 (http://⁠www.ietf.org/rfc.html).

    SYSLOG_USE_DELIMITER

    ALWAYS_EXCEPT_NULL

    NEVER

    ALWAYS

    Defines whether to use double quotes (“) in syslog messages to delimit the field values.

    The default setting “ALWAYS_EXCEPT_NULL” uses double quotes only for non-empty fields. “NEVER” does not use delimiters. “ALWAYS” uses double quotes as delimiters for all empty and non-empty field values.

  4. Save the file and restart the Log Server.