This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Message logging - Syslog TLS/SSL - Issue with log message with line breaks

Posted on 08-26-2019 06:52 PM
Prashant819
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hello,

I have a query on message logging policy when it is used with UDP and TCP/SSL to send log message with line breaks to Splunk.

Currently we are in the process of migrating from Apigee on-prem to Apigee Cloud and have a on-prem Splunk setup.

1. With on-prem Apigee --> When syslog over UDP is used to send a log message (with line breaks) to Splunk . It is sent as a single message and appear in Splunk as a single message.

Message logging policy configuration -

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageLogging async="false" continueOnError="true" enabled="true" name="ML-CommonLogMessage">
    <Syslog>
        <Message>{logMessage}</Message>
        <Host>SplunkHostName</Host>
        <Port>SplunkUDPPort</Port>
    </Syslog>
</MessageLogging>

2. With cloud Apigee --> When syslog with TCP/SSL is used to send a log message (with line breaks) to Splunk. It gets split into multiple messages on each line break and appear in splunk as multiple messages.

I want this to be a single message in this case too (same as syslog/UDP from OPDK).

Message logging policy configuration - 

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<MessageLogging async="false" continueOnError="true" enabled="true" name="CommonLogMessage">
    <Syslog>
        <Message>{logMessage}</Message>
        <Host>SplunkHostName</Host>
        <Port>SplunkTCPPort</Port>
        <Protocol>TCP</Protocol>
        <SSLInfo>
            <Enabled>true</Enabled>
            <ClientAuthEnabled>true</ClientAuthEnabled>
            <KeyStore>ref://Ref_Keystore</KeyStore>
            <KeyAlias>Alias_Keystore</KeyAlias>
            <TrustStore>ref://Ref_Truststore</TrustStore>
        </SSLInfo>
    </Syslog>
</MessageLogging>

My question is - Why Apigee sends log message with line breaks as multiple messages (and not as a single message) with TCP/SSL?

Please suggest if I am missing something or my understanding is wrong.

@Dino-at-Google

Thanks.

1 4 1,220
Topic Labels
4 REPLIES 4
Top Solution Authors
View all