When using a MessageLogging policy to send syslog messages to 3rd-party vendors, the message does not get logged at all.
Example policy (using papertrailapp.com):
<MessageLogging async="false" continueOnError="false" enabled="true" name="Message-Logging-1">
    <DisplayName>Message Logging 1</DisplayName>
    <Syslog>
        <Message>{client.ip}|hello world</Message>
        <Host>logs2.papertrailapp.com</Host>
        <Port>XXXX</Port>
        <Protocol>UDP</Protocol>
    </Syslog>
</MessageLogging>
Answering my own question to document my findings.
Apigee enforces that only port 514 is allowed when using UDP.
For papertrail, the options are:
- use TCP on their custom port number
- use UDP, but then papertrail requires that the source IPs are configured in their system to allow connections to UDP port 514: under 'Add System', select "alternatives" and then "My syslogd only uses the default port" to add the MP's IP addresses to papertrail.
For loggly, it already uses the standard ports, but has other requirements on the message format:
<MessageLogging async="false" continueOnError="false" enabled="true" name="Message-Logging-2">
    <DisplayName>Message Logging 2</DisplayName>
    <Syslog>
        <Message>[{logglytoken}@41058 tag="{organization.name}.{apiproxy.name}.{environment.name}"] Hello World</Message>
        <Host>logs-01.loggly.com</Host>
        <Port>514</Port>
        <Protocol>UDP</Protocol>
    </Syslog>
</MessageLogging>
Note inside the message itself where it shows [token@41058...: the format is key to having the messages displayed in loggly, and the @41058 needs to be there as well. Loggly doc on structured data: https://www.loggly.com/docs/automated-parsing/
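The two findings in the answer above can be checked before a proxy is deployed. The following lint is an added example, not part of the original post and not Apigee's own tooling; the function names, the sample policies, port 12345 and the treatment of omitted `<Protocol>`/`<Port>` as UDP/514 are assumptions made for the demo.

```python
import re
import xml.etree.ElementTree as ET

# Loggly structured-data prefix as shown in the answer: [<token>@41058 key="value" ...]
LOGGLY_SD = re.compile(r'^\[[^\s@\]]+@41058(\s+[\w.-]+="[^"]*")*\]')

def lint_message_logging(policy_xml):
    """Return a list of findings for one MessageLogging policy (empty list = OK)."""
    root = ET.fromstring(policy_xml)
    name = root.get("name", "<unnamed>")
    syslog = root.find("Syslog")
    if root.tag != "MessageLogging" or syslog is None:
        return [f"{name}: not a MessageLogging policy with a <Syslog> block"]
    # Assumption: an omitted <Protocol> means UDP and an omitted <Port> means 514.
    protocol = (syslog.findtext("Protocol") or "UDP").strip().upper()
    port = (syslog.findtext("Port") or "514").strip()
    host = (syslog.findtext("Host") or "").strip().lower()
    message = (syslog.findtext("Message") or "").strip()
    findings = []
    if protocol == "UDP" and port != "514":
        findings.append(f"{name}: UDP on port {port}; only 514 is allowed with UDP")
    if host.endswith(".loggly.com") and not LOGGLY_SD.match(message):
        findings.append(f"{name}: message lacks the [<token>@41058 ...] prefix")
    return findings

def sample_policy(name, host, port, protocol, message):
    """Build a constructed policy for the demo (not taken from a real proxy)."""
    return (f'<MessageLogging name="{name}"><Syslog><Message>{message}</Message>'
            f'<Host>{host}</Host><Port>{port}</Port><Protocol>{protocol}</Protocol>'
            '</Syslog></MessageLogging>')

LOGGLY_MSG = '[{logglytoken}@41058 tag="{organization.name}.{apiproxy.name}"] Hello World'
# Constructed samples; 12345 stands in for the vendor-assigned custom port.
SAMPLES = [
    sample_policy("pt-udp", "logs2.papertrailapp.com", 12345, "UDP", "{client.ip}|hello"),
    sample_policy("pt-tcp", "logs2.papertrailapp.com", 12345, "TCP", "{client.ip}|hello"),
    sample_policy("loggly-ok", "logs-01.loggly.com", 514, "UDP", LOGGLY_MSG),
    sample_policy("loggly-bad", "logs-01.loggly.com", 514, "UDP", "Hello World"),
]

if __name__ == "__main__":
    for policy in SAMPLES:
        print(lint_message_logging(policy) or "OK")
```

Running it over the policy files in a proxy bundle as a pre-deploy step catches a logging policy that would silently drop its messages, which matters when those logs feed audit or detection.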